generate signing request for client certificate via openssl

.gitignore

@@ -0,0 +1,3 @@
+/key.enc.pem
+/csr.pem
+/csr.openssl-text

Makefile

@@ -0,0 +1,16 @@
+all : key.enc.pem csr.pem csr.openssl-text
+
+key.enc.pem :
+	openssl genrsa -out $@ -aes256 2048
+
+csr.pem : key.enc.pem openssl.conf
+	openssl req -batch -new -key key.enc.pem \
+		-config openssl.conf -sha256 -out $@
+
+csr.openssl-text : csr.pem
+	openssl req -in $^ -noout -text >$@
+
+clean :
+	-shred key.enc.pem && rm key.enc.pem
+	-trash csr.pem
+	-trash csr.openssl-text

openssl.conf

@@ -0,0 +1,18 @@
+[ req ]
+prompt = no
+distinguished_name = req_distinguished_name
+req_extensions = req_extensions
+
+[ req_distinguished_name ]
+C = AT
+CN = Fabian Peter Hammerle
+emailAddress = fabian@hammerle.me
+
+[ req_extensions ]
+subjectAltName = email:fabian@hammerle.me, email:fabian.hammerle@gmail.com
+basicConstraints = critical,CA:FALSE
+keyUsage = digitalSignature
+extendedKeyUsage = clientAuth
+nsCertType = client
+nsComment = client authentication only
+subjectKeyIdentifier = hash