projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| 18a31aa8 BM |
1 | #!/bin/sh |
| 2 | ||
| 3 | # For a list of supported curves, use "apps/openssl ecparam -list_curves". | |
| 4 | ||
| 5 | # Path to the openssl distribution | |
| 6 | OPENSSL_DIR=../.. | |
| 7 | # Path to the openssl program | |
| 8 | OPENSSL_CMD=$OPENSSL_DIR/apps/openssl | |
| 9 | # Option to find configuration file | |
| 10 | OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf" | |
| 11 | # Directory where certificates are stored | |
| 12 | CERTS_DIR=./Certs | |
| 13 | # Directory where private key files are stored | |
| 14 | KEYS_DIR=$CERTS_DIR | |
| 15 | # Directory where combo files (containing a certificate and corresponding | |
| 16 | # private key together) are stored | |
| 17 | COMBO_DIR=$CERTS_DIR | |
| 18 | # cat command | |
| 19 | CAT=/bin/cat | |
| 20 | # rm command | |
| 21 | RM=/bin/rm | |
| c2bbf275 BM |
22 | # mkdir command |
| 23 | MKDIR=/bin/mkdir | |
| 18a31aa8 BM |
24 | # The certificate will expire these many days after the issue date. |
| 25 | DAYS=1500 | |
| 26 | TEST_CA_FILE=rsa1024TestCA | |
| 27 | TEST_CA_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test CA (1024 bit RSA)" | |
| 28 | ||
| 29 | TEST_SERVER_FILE=rsa1024TestServer | |
| 30 | TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (1024 bit RSA)" | |
| 31 | ||
| 32 | TEST_CLIENT_FILE=rsa1024TestClient | |
| 33 | TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (1024 bit RSA)" | |
| 34 | ||
| 35 | # Generating an EC certificate involves the following main steps | |
| 36 | # 1. Generating curve parameters (if needed) | |
| 37 | # 2. Generating a certificate request | |
| 38 | # 3. Signing the certificate request | |
| 39 | # 4. [Optional] One can combine the cert and private key into a single | |
| 40 | # file and also delete the certificate request | |
| 41 | ||
| c2bbf275 BM |
42 | $MKDIR -p $CERTS_DIR |
| 43 | $MKDIR -p $KEYS_DIR | |
| 44 | $MKDIR -p $COMBO_DIR | |
| 45 | ||
| 18a31aa8 BM |
46 | echo "Generating self-signed CA certificate (RSA)" |
| 47 | echo "===========================================" | |
| 48 | ||
| 49 | $OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CA_DN" \ | |
| 50 | -keyout $KEYS_DIR/$TEST_CA_FILE.key.pem \ | |
| 51 | -newkey rsa:1024 -new \ | |
| 52 | -out $CERTS_DIR/$TEST_CA_FILE.req.pem | |
| 53 | ||
| 54 | $OPENSSL_CMD x509 -req -days $DAYS \ | |
| 55 | -in $CERTS_DIR/$TEST_CA_FILE.req.pem \ | |
| 56 | -extfile $OPENSSL_DIR/apps/openssl.cnf \ | |
| 57 | -extensions v3_ca \ | |
| 58 | -signkey $KEYS_DIR/$TEST_CA_FILE.key.pem \ | |
| 59 | -out $CERTS_DIR/$TEST_CA_FILE.cert.pem | |
| 60 | ||
| 61 | # Display the certificate | |
| 62 | $OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -text | |
| 63 | ||
| 64 | # Place the certificate and key in a common file | |
| 65 | $OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -issuer -subject \ | |
| 66 | > $COMBO_DIR/$TEST_CA_FILE.pem | |
| 67 | $CAT $KEYS_DIR/$TEST_CA_FILE.key.pem >> $COMBO_DIR/$TEST_CA_FILE.pem | |
| 68 | ||
| 69 | # Remove the cert request file (no longer needed) | |
| 70 | $RM $CERTS_DIR/$TEST_CA_FILE.req.pem | |
| 71 | ||
| 72 | echo "GENERATING A TEST SERVER CERTIFICATE (RSA)" | |
| 73 | echo "==========================================" | |
| 74 | ||
| 75 | $OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \ | |
| 76 | -keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \ | |
| 77 | -newkey rsa:1024 -new \ | |
| 78 | -out $CERTS_DIR/$TEST_SERVER_FILE.req.pem | |
| 79 | ||
| 80 | $OPENSSL_CMD x509 -req -days $DAYS \ | |
| 81 | -in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \ | |
| 82 | -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \ | |
| 83 | -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \ | |
| 84 | -out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial | |
| 85 | ||
| 86 | # Display the certificate | |
| 87 | $OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text | |
| 88 | ||
| 89 | # Place the certificate and key in a common file | |
| 90 | $OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \ | |
| 91 | > $COMBO_DIR/$TEST_SERVER_FILE.pem | |
| 92 | $CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem | |
| 93 | ||
| 94 | # Remove the cert request file (no longer needed) | |
| 95 | $RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem | |
| 96 | ||
| 97 | echo "GENERATING A TEST CLIENT CERTIFICATE (RSA)" | |
| 98 | echo "==========================================" | |
| 99 | ||
| 100 | $OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \ | |
| 101 | -keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \ | |
| 102 | -newkey rsa:1024 -new \ | |
| 103 | -out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem | |
| 104 | ||
| 105 | $OPENSSL_CMD x509 -req -days $DAYS \ | |
| 106 | -in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \ | |
| 107 | -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \ | |
| 108 | -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \ | |
| 109 | -out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial | |
| 110 | ||
| 111 | # Display the certificate | |
| 112 | $OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text | |
| 113 | ||
| 114 | # Place the certificate and key in a common file | |
| 115 | $OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \ | |
| 116 | > $COMBO_DIR/$TEST_CLIENT_FILE.pem | |
| 117 | $CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem | |
| 118 | ||
| 119 | # Remove the cert request file (no longer needed) | |
| 120 | $RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem | |
| 121 |