Commit | Line | Data |
---|---|---|
18a31aa8 BM |
#!/bin/sh

# Settings shared by the certificate-generation steps of this script.
#
# NOTE(review): the original header pointed at
# "apps/openssl ecparam -list_curves" for a list of supported curves. Nothing
# in this script selects a curve; every key it creates is RSA.

# Root of the openssl distribution, relative to the working directory
OPENSSL_DIR="../.."
# The openssl binary built inside that tree
OPENSSL_CMD="${OPENSSL_DIR}/apps/openssl"
# Option pair that points openssl at its configuration file. This is two
# words in one variable, so it has to be expanded unquoted where it is used.
OPENSSL_CNF="-config ${OPENSSL_DIR}/apps/openssl.cnf"
# Where certificates are written
CERTS_DIR="./Certs"
# Where private key files are written (same directory as the certificates)
KEYS_DIR="${CERTS_DIR}"
# Where combo files (a certificate followed by its private key) are written
COMBO_DIR="${CERTS_DIR}"
# Absolute path of the cat utility
CAT="/bin/cat"
# Absolute path of the rm utility
RM="/bin/rm"
c2bbf275 BM |
# Absolute path of the mkdir utility (used to create the output directories)
MKDIR="/bin/mkdir"
18a31aa8 BM |
# Validity period in days, handed to "x509 -days" for every certificate.
DAYS="1500"

# Identities used by the three certificates. Each *_FILE value is the base
# name of the generated files (.key.pem, .cert.pem and the combined .pem);
# each *_DN value is the subject given to "req -subj".
#
# NOTE(review): these are test identities. 1024-bit RSA is below the 2048-bit
# minimum that current guidance expects, so nothing produced from these
# settings should be trusted outside a test environment.
TEST_CA_FILE="rsa1024TestCA"
TEST_CA_DN='/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test CA (1024 bit RSA)'

TEST_SERVER_FILE="rsa1024TestServer"
TEST_SERVER_DN='/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (1024 bit RSA)'

TEST_CLIENT_FILE="rsa1024TestClient"
TEST_CLIENT_DN='/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (1024 bit RSA)'
34 | ||
35 | # Generating an EC certificate involves the following main steps | |
36 | # 1. Generating curve parameters (if needed) | |
37 | # 2. Generating a certificate request | |
38 | # 3. Signing the certificate request | |
39 | # 4. [Optional] One can combine the cert and private key into a single | |
40 | # file and also delete the certificate request | |
41 | ||
c2bbf275 BM |
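# Create the output directories (no error if they already exist). Stop here
# if any of them cannot be created: every later step writes into them, and
# continuing would only produce a cascade of openssl errors.
# NOTE(review): KEYS_DIR and COMBO_DIR receive unencrypted private keys. They
# default to the certificate directory; if they are ever pointed elsewhere,
# that location should not be readable by other users.
"$MKDIR" -p "$CERTS_DIR" "$KEYS_DIR" "$COMBO_DIR" || exit 1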
45 | ||
18a31aa8 BM |
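# ---------------------------------------------------------------------------
# Self-signed test CA certificate (RSA).
# Every step stops the script on failure, so that a failed key generation is
# never followed by signing with a stale or missing key file.
# ---------------------------------------------------------------------------
echo "Generating self-signed CA certificate (RSA)"
echo "==========================================="

# Create the CA key pair and a certificate request.
# NOTE(review): -nodes writes the private key unencrypted and rsa:1024 is
# below the 2048-bit minimum expected today. Both are left as they are
# because the file names and subject DNs advertise a 1024-bit test key; this
# material must stay test-only.
# The subshell confines "umask 077" to this step, so files created here
# (including the key) are not readable by other users.
(
    umask 077
    # $OPENSSL_CNF holds two words ("-config <path>") and must stay unquoted.
    # shellcheck disable=SC2086
    "$OPENSSL_CMD" req $OPENSSL_CNF -nodes -subj "$TEST_CA_DN" \
        -keyout "$KEYS_DIR/$TEST_CA_FILE.key.pem" \
        -newkey rsa:1024 -new \
        -out "$CERTS_DIR/$TEST_CA_FILE.req.pem"
) || exit 1

# Self-sign the request with the CA's own key, applying the v3_ca extension
# section of openssl.cnf.
"$OPENSSL_CMD" x509 -req -days "$DAYS" \
    -in "$CERTS_DIR/$TEST_CA_FILE.req.pem" \
    -extfile "$OPENSSL_DIR/apps/openssl.cnf" \
    -extensions v3_ca \
    -signkey "$KEYS_DIR/$TEST_CA_FILE.key.pem" \
    -out "$CERTS_DIR/$TEST_CA_FILE.cert.pem" || exit 1

# Display the certificate
"$OPENSSL_CMD" x509 -in "$CERTS_DIR/$TEST_CA_FILE.cert.pem" -text || exit 1

# Place the certificate and key in a common file. The result contains the
# unencrypted CA private key, so it is created under a restrictive umask.
# (The umask only applies when the file is newly created; an existing file
# keeps its current mode.)
(
    umask 077 &&
        "$OPENSSL_CMD" x509 -in "$CERTS_DIR/$TEST_CA_FILE.cert.pem" \
            -issuer -subject > "$COMBO_DIR/$TEST_CA_FILE.pem" &&
        "$CAT" "$KEYS_DIR/$TEST_CA_FILE.key.pem" >> "$COMBO_DIR/$TEST_CA_FILE.pem"
) || exit 1

# Remove the cert request file (no longer needed)
"$RM" "$CERTS_DIR/$TEST_CA_FILE.req.pem" || exit 1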
71 | ||
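# ---------------------------------------------------------------------------
# Test server certificate (RSA), signed by the test CA.
# Every step stops the script on failure, so that a failed key generation is
# never followed by signing with a stale or missing key file.
# ---------------------------------------------------------------------------
echo "GENERATING A TEST SERVER CERTIFICATE (RSA)"
echo "=========================================="

# Create the server key pair and a certificate request.
# NOTE(review): -nodes writes the private key unencrypted and rsa:1024 is
# below the 2048-bit minimum expected today; acceptable for test material
# only. The subshell confines "umask 077" to this step.
(
    umask 077
    # $OPENSSL_CNF holds two words ("-config <path>") and must stay unquoted.
    # shellcheck disable=SC2086
    "$OPENSSL_CMD" req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \
        -keyout "$KEYS_DIR/$TEST_SERVER_FILE.key.pem" \
        -newkey rsa:1024 -new \
        -out "$CERTS_DIR/$TEST_SERVER_FILE.req.pem"
) || exit 1

# Sign the request with the test CA. -CAcreateserial creates the CA serial
# number file if it does not exist yet.
# NOTE(review): no -extfile/-extensions is passed here, unlike the CA step;
# confirm that the resulting certificate carries what the tests expect.
"$OPENSSL_CMD" x509 -req -days "$DAYS" \
    -in "$CERTS_DIR/$TEST_SERVER_FILE.req.pem" \
    -CA "$CERTS_DIR/$TEST_CA_FILE.cert.pem" \
    -CAkey "$KEYS_DIR/$TEST_CA_FILE.key.pem" \
    -out "$CERTS_DIR/$TEST_SERVER_FILE.cert.pem" -CAcreateserial || exit 1

# Display the certificate
"$OPENSSL_CMD" x509 -in "$CERTS_DIR/$TEST_SERVER_FILE.cert.pem" -text || exit 1

# Place the certificate and key in a common file. The result contains the
# unencrypted private key, so it is created under a restrictive umask.
# (The umask only applies when the file is newly created; an existing file
# keeps its current mode.)
(
    umask 077 &&
        "$OPENSSL_CMD" x509 -in "$CERTS_DIR/$TEST_SERVER_FILE.cert.pem" \
            -issuer -subject > "$COMBO_DIR/$TEST_SERVER_FILE.pem" &&
        "$CAT" "$KEYS_DIR/$TEST_SERVER_FILE.key.pem" >> "$COMBO_DIR/$TEST_SERVER_FILE.pem"
) || exit 1

# Remove the cert request file (no longer needed)
"$RM" "$CERTS_DIR/$TEST_SERVER_FILE.req.pem" || exit 1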
96 | ||
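# ---------------------------------------------------------------------------
# Test client certificate (RSA), signed by the test CA.
# Every step stops the script on failure, so that a failed key generation is
# never followed by signing with a stale or missing key file.
# ---------------------------------------------------------------------------
echo "GENERATING A TEST CLIENT CERTIFICATE (RSA)"
echo "=========================================="

# Create the client key pair and a certificate request.
# NOTE(review): -nodes writes the private key unencrypted and rsa:1024 is
# below the 2048-bit minimum expected today; acceptable for test material
# only. The subshell confines "umask 077" to this step.
(
    umask 077
    # $OPENSSL_CNF holds two words ("-config <path>") and must stay unquoted.
    # shellcheck disable=SC2086
    "$OPENSSL_CMD" req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \
        -keyout "$KEYS_DIR/$TEST_CLIENT_FILE.key.pem" \
        -newkey rsa:1024 -new \
        -out "$CERTS_DIR/$TEST_CLIENT_FILE.req.pem"
) || exit 1

# Sign the request with the test CA. -CAcreateserial creates the CA serial
# number file if it does not exist yet.
# NOTE(review): no -extfile/-extensions is passed here, unlike the CA step;
# confirm that the resulting certificate carries what the tests expect.
"$OPENSSL_CMD" x509 -req -days "$DAYS" \
    -in "$CERTS_DIR/$TEST_CLIENT_FILE.req.pem" \
    -CA "$CERTS_DIR/$TEST_CA_FILE.cert.pem" \
    -CAkey "$KEYS_DIR/$TEST_CA_FILE.key.pem" \
    -out "$CERTS_DIR/$TEST_CLIENT_FILE.cert.pem" -CAcreateserial || exit 1

# Display the certificate
"$OPENSSL_CMD" x509 -in "$CERTS_DIR/$TEST_CLIENT_FILE.cert.pem" -text || exit 1

# Place the certificate and key in a common file. The result contains the
# unencrypted private key, so it is created under a restrictive umask.
# (The umask only applies when the file is newly created; an existing file
# keeps its current mode.)
(
    umask 077 &&
        "$OPENSSL_CMD" x509 -in "$CERTS_DIR/$TEST_CLIENT_FILE.cert.pem" \
            -issuer -subject > "$COMBO_DIR/$TEST_CLIENT_FILE.pem" &&
        "$CAT" "$KEYS_DIR/$TEST_CLIENT_FILE.key.pem" >> "$COMBO_DIR/$TEST_CLIENT_FILE.pem"
) || exit 1

# Remove the cert request file (no longer needed)
"$RM" "$CERTS_DIR/$TEST_CLIENT_FILE.req.pem" || exit 1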
121 |