]>
Commit | Line | Data |
---|---|---|
7eceffbf DSH |
1 | rem set ssleay=..\out\ssleay |
2 | set ssleay=%1 | |
3 | ||
4 | set reqcmd=%ssleay% req | |
5 | set x509cmd=%ssleay% x509 | |
6 | set verifycmd=%ssleay% verify | |
7 | ||
8 | set CAkey=\OpenSSL\keyCA.ss | |
9 | set CAcert=\OpenSSL\certCA.ss | |
10 | set CAserial=\OpenSSL\certCA.srl | |
11 | set CAreq=\OpenSSL\reqCA.ss | |
12 | cecopy ..\test\CAss.cnf CE:\OpenSSL | |
13 | set CAconf=\OpenSSL\CAss.cnf | |
14 | set CAreq2=\OpenSSL\req2CA.ss | |
15 | ||
16 | cecopy ..\test\Uss.cnf CE:\OpenSSL | |
17 | set Uconf=\OpenSSL\Uss.cnf | |
18 | set Ukey=\OpenSSL\keyU.ss | |
19 | set Ureq=\OpenSSL\reqU.ss | |
20 | set Ucert=\OpenSSL\certU.ss | |
21 | ||
22 | echo make a certificate request using 'req' | |
23 | cerun CE:\OpenSSL\%reqcmd% -config %CAconf% -out %CAreq% -keyout %CAkey% -new | |
24 | if errorlevel 1 goto e_req | |
25 | ||
26 | echo convert the certificate request into a self signed certificate using 'x509' | |
27 | cerun CE:\OpenSSL\%x509cmd% -CAcreateserial -in %CAreq% -days 30 -req -out %CAcert% -signkey %CAkey% "> \OpenSSL\err.ss" | |
28 | if errorlevel 1 goto e_x509 | |
29 | ||
30 | echo -- | |
31 | echo convert a certificate into a certificate request using 'x509' | |
32 | cerun CE:\OpenSSL\%x509cmd% -in %CAcert% -x509toreq -signkey %CAkey% -out %CAreq2% "> \OpenSSL\err.ss" | |
33 | if errorlevel 1 goto e_x509_2 | |
34 | ||
35 | cerun CE:\OpenSSL\%reqcmd% -verify -in %CAreq% -noout | |
36 | if errorlevel 1 goto e_vrfy_1 | |
37 | ||
38 | cerun CE:\OpenSSL\%reqcmd% -verify -in %CAreq2% -noout | |
39 | if errorlevel 1 goto e_vrfy_2 | |
40 | ||
41 | cerun CE:\OpenSSL\%verifycmd% -CAfile %CAcert% %CAcert% | |
42 | if errorlevel 1 goto e_vrfy_3 | |
43 | ||
44 | echo -- | |
45 | echo make another certificate request using 'req' | |
46 | cerun CE:\OpenSSL\%reqcmd% -config %Uconf% -out %Ureq% -keyout %Ukey% -new "> \OpenSSL\err.ss" | |
47 | if errorlevel 1 goto e_req_gen | |
48 | ||
49 | echo -- | |
50 | echo sign certificate request with the just created CA via 'x509' | |
51 | cerun CE:\OpenSSL\%x509cmd% -CAcreateserial -in %Ureq% -days 30 -req -out %Ucert% -CA %CAcert% -CAkey %CAkey% -CAserial %CAserial% | |
52 | if errorlevel 1 goto e_x_sign | |
53 | ||
54 | cerun CE:\OpenSSL\%verifycmd% -CAfile %CAcert% %Ucert% | |
55 | echo -- | |
56 | echo Certificate details | |
57 | cerun CE:\OpenSSL\%x509cmd% -subject -issuer -startdate -enddate -noout -in %Ucert% | |
58 | ||
59 | cecopy CE:%CAcert% . | |
60 | cecopy CE:%CAkey% . | |
61 | cecopy CE:%CAserial% . | |
62 | cecopy CE:%Ucert% . | |
63 | cecopy CE:%Ukey% . | |
64 | ||
65 | echo Everything appeared to work | |
66 | echo -- | |
67 | echo The generated CA certificate is %CAcert% | |
68 | echo The generated CA private key is %CAkey% | |
69 | echo The current CA signing serial number is in %CAserial% | |
70 | ||
71 | echo The generated user certificate is %Ucert% | |
72 | echo The generated user private key is %Ukey% | |
73 | echo -- | |
74 | ||
75 | cedel CE:\OpenSSL\err.ss | |
76 | ||
77 | goto end | |
78 | ||
79 | :e_req | |
80 | echo error using 'req' to generate a certificate request | |
81 | goto end | |
82 | :e_x509 | |
83 | echo error using 'x509' to self sign a certificate request | |
84 | goto end | |
85 | :e_x509_2 | |
86 | echo error using 'x509' convert a certificate to a certificate request | |
87 | goto end | |
88 | :e_vrfy_1 | |
89 | echo first generated request is invalid | |
90 | goto end | |
91 | :e_vrfy_2 | |
92 | echo second generated request is invalid | |
93 | goto end | |
94 | :e_vrfy_3 | |
95 | echo first generated cert is invalid | |
96 | goto end | |
97 | :e_req_gen | |
98 | echo error using 'req' to generate a certificate request | |
99 | goto end | |
100 | :e_x_sign | |
101 | echo error using 'x509' to sign a certificate request | |
102 | goto end | |
103 | ||
104 | :end |