# Password for all users and teh CA is 'demo'
# Password for all key- and truststores is 'changeit'

# Clean
# rm server.*

# Create CA
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt

# Create Keystore and Truststore and add CA to them
keytool -import -keystore server.ts -file ca.crt -alias ArgeoDemoCA
keytool -import -keystore server.ks -file ca.crt -alias ArgeoDemoCA

# Tomcat Server
# (we must use keytool)
keytool -genkey -alias tomcat -keyalg RSA -keysize 4096 -keystore server.ks
keytool -certreq -alias tomcat -keystore server.ks -file tomcat.csr
openssl x509 -req -set_serial 02 -days 3650 -in tomcat.csr -CA ca.crt -CAkey ca.key -out tomcat.crt
keytool -importcert -alias tomcat -keystore server.ks -file tomcat.crt

# Root User
openssl genrsa -des3 -out root@demo.key 4096 
openssl req -new -key root@demo.key -out root@demo.csr
openssl x509 -req -set_serial 03 -days 3650 -in root@demo.csr -CA ca.crt -CAkey ca.key -out root@demo.crt
openssl pkcs12 -export -out root@demo.p12 -inkey root@demo.key -in root@demo.crt -certfile ca.crt

# Demo User
openssl genrsa -des3 -out demo@demo.key 4096 
openssl req -new -key demo@demo.key -out demo@demo.csr
openssl x509 -req -set_serial 04 -days 3650 -in demo@demo.csr -CA ca.crt -CAkey ca.key -out demo@demo.crt
openssl pkcs12 -export -out demo@demo.p12 -inkey demo@demo.key -in demo@demo.crt -certfile ca.crt