From 3609bc5f8a70bf538e458befa3e781a3eba1317d Mon Sep 17 00:00:00 2001
From: Firas Ghanmi
Date: Wed, 31 Jul 2024 00:21:57 +0200
Subject: [PATCH] fix conflicts, add keys generation commands

Signed-off-by: Firas Ghanmi
---
config/tls/key_cert_generation.md | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 config/tls/key_cert_generation.md

diff --git a/config/tls/key_cert_generation.md b/config/tls/key_cert_generation.md
new file mode 100644
index 000000000..5a16f62da
--- /dev/null
+++ b/config/tls/key_cert_generation.md
@@ -0,0 +1,21 @@
+# Generation of ct_server key/cert and CA certficate
+
+## Commands
+
+```
+# 1. Generate CA's private key and self-signed certificate
+openssl req -x509 -newkey rsa:4096 -days 36500 -nodes -keyout ca.key -out ca.crt -subj "/CN=My CA"
+
+# 2. Generate ct_server's private key and certificate signing request (CSR)
+openssl req -newkey rsa:4096 -nodes -keyout tls.key -out server-req.pem -subj "/=Server TLS/OU=Server/CN=*/emailAddress=tls@gmail.com"
+
+# 3. SAN
+echo "subjectAltName=DNS:*,DNS:ct_server,IP:0.0.0.0" > server-ext.cnf
+
+# 3. Use CA's private key to sign ct_server's CSR and get back the signed certificate
+openssl x509 -req -in server-req.pem -days 60 -CA ca.crt -CAkey ca.key -CAcreateserial -out tls.crt -extfile server-ext.cnf
+
+# 4. Clean-up
+rm ca.key ca.srl server-ext.cnf server-req.pem
+
+```
\ No newline at end of file