Thursday, September 10, 2020

Create a self-signed root CA with OpenSSL and issue user and peer certificates from it

 ################## Create root ca certificate
# Create a private key
openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
  -pkeyopt ec_param_enc:named_curve -out ca.key

# Extract the public key
openssl ec -in ca.key -pubout -out ca_public.key

# Create signing certificate in one step
# Create root ca certificate
openssl req -new -days 3650 -nodes -x509 -extensions v3_req -extensions v3_ca \
  -subj "/C=US/ST=North Carolina/L=Raleigh/O=org0.example.com/CN=ca1.org0.example.com" \
  -addext "keyUsage=critical,digitalSignature,keyEncipherment,keyCertSign,cRLSign" \
  -addext "extendedKeyUsage=serverAuth,clientAuth" \
  -addext "subjectAltName=IP.1:192.168.56.32" -key ca.key  \
  -out ca.crt

# Inspect the certificate
openssl x509 -noout -text -in ca.crt

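################ Create User certificate
# Private key for the admin identity (P-256, named-curve encoding).
# Like ca.key it is written unencrypted - keep it owner-readable only.
openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
  -pkeyopt ec_param_enc:named_curve -out admin.key

# Extract public key for admin (informational only)
openssl ec -in admin.key -pubout -out admin_public.key

# Create admin CSR.
# No extension option is passed on purpose: "openssl x509 -req" does not copy
# extensions out of the CSR (and "-extensions" is ignored for CSRs on
# OpenSSL 1.1.x anyway; "-reqexts" is the CSR form), so everything that ends
# up in admin.crt comes from the -extfile used at signing time.
openssl req -new -key admin.key -sha256 \
  -subj "/C=US/ST=North Carolina/L=Raleigh/OU=admin/OU=client/CN=Admin@org0.example.com" \
  -out admin.csr

# Verify CSR: checks the request's self-signature and prints its contents
openssl req -verify -text -noout -in admin.csr

# Extensions for the issued certificate.  Written to v3.ext here so the
# listing is self-contained (the original only described the file's content).
#   keyUsage               digitalSignature only.  This is an EC key, so
#                          keyEncipherment/dataEncipherment MUST NOT be set
#                          (RFC 5480 section 3); nonRepudiation may be added
#                          if the identity signs documents.
#   basicConstraints       CA:FALSE, critical - this leaf cannot issue
#                          certificates of its own.
#   authorityKeyIdentifier ties the certificate to ca.crt for chain building.
cat > v3.ext <<'EOF'
keyUsage = critical,digitalSignature
basicConstraints = critical,CA:FALSE
authorityKeyIdentifier = keyid,issuer
EOF

# Sign the CSR with the CA key and certificate.
# -CAcreateserial creates ca.srl on first use and increments it on every
# later signing, so certificates issued by this CA get distinct serials.
# 3560 days is deliberately shorter than the CA's 3650 so the leaf never
# outlives its issuer.
openssl x509 -req -days 3560 -extfile v3.ext -in admin.csr -CA ca.crt -CAkey ca.key \
  -CAcreateserial -sha256 -out admin.crt

# Inspect the issued certificate and confirm it chains to the CA
openssl x509 -noout -text -in admin.crt
openssl verify -CAfile ca.crt admin.crt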

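################ Create peer and orderer certificate
# Private key for peer1 (P-256, named-curve encoding).
# Written unencrypted - keep it owner-readable only.
openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
  -pkeyopt ec_param_enc:named_curve -out peer1.key

# Extract public key for peer1 (informational only)
openssl ec -in peer1.key -pubout -out peer1_public.key

# Create peer1 CSR.
# No extension option is passed on purpose: "openssl x509 -req" does not copy
# extensions out of the CSR, so the certificate's extensions come solely from
# the -extfile used at signing time.
openssl req -new -key peer1.key -sha256 \
  -subj "/C=US/ST=North Carolina/L=Raleigh/OU=peer/CN=peer1.org0.example.com" \
  -out peer1.csr

# Verify CSR: checks the request's self-signature and prints its contents
openssl req -verify -text -noout -in peer1.csr

# Extensions for the peer certificate, written to its own file so it does not
# clobber the admin's v3.ext.
#   keyUsage               digitalSignature only - EC key, so
#                          keyEncipherment/dataEncipherment MUST NOT be set
#                          (RFC 5480 section 3).
#   basicConstraints       CA:FALSE, critical.
#   authorityKeyIdentifier ties the certificate to ca.crt.
#   subjectAltName         the peer's host name.  Modern TLS clients (Go,
#                          browsers, most gRPC stacks) match only the SAN and
#                          ignore the CN, so a peer/orderer presenting this
#                          certificate over TLS would fail host-name
#                          verification without it.  Add IP: entries if the
#                          node is reached by address.
cat > peer1.ext <<'EOF'
keyUsage = critical,digitalSignature
basicConstraints = critical,CA:FALSE
authorityKeyIdentifier = keyid,issuer
subjectAltName = DNS:peer1.org0.example.com
EOF

# Sign the CSR with the CA key and certificate.
# -CAcreateserial reuses/increments ca.srl if it already exists, so this
# certificate's serial differs from the admin's.
openssl x509 -req -days 3560 -extfile peer1.ext -in peer1.csr -CA ca.crt -CAkey ca.key \
  -CAcreateserial -sha256 -out peer1.crt

# Inspect the issued certificate and confirm it chains to the CA
openssl x509 -noout -text -in peer1.crt
openssl verify -CAfile ca.crt peer1.crt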
