]>
Commit | Line | Data |
---|---|---|
a0957d55 DSH |
1 | #!/bin/sh |
2 | ||
3 | # Utility to recreate S/MIME certificates | |
4 | ||
5 | OPENSSL=../../apps/openssl | |
6 | OPENSSL_CONF=./ca.cnf | |
7 | export OPENSSL_CONF | |
8 | ||
9 | # Root CA: create certificate directly | |
10 | CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -nodes \ | |
11 | -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 3650 | |
12 | ||
13 | # EE RSA certificates: create request first | |
14 | CN="Test S/MIME EE RSA #1" $OPENSSL req -config ca.cnf -nodes \ | |
15 | -keyout smrsa1.pem -out req.pem -newkey rsa:2048 | |
16 | # Sign request: end entity extensions | |
17 | $OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ | |
18 | -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa1.pem | |
19 | ||
20 | CN="Test S/MIME EE RSA #2" $OPENSSL req -config ca.cnf -nodes \ | |
21 | -keyout smrsa2.pem -out req.pem -newkey rsa:2048 | |
22 | $OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ | |
23 | -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa2.pem | |
24 | ||
25 | CN="Test S/MIME EE RSA #3" $OPENSSL req -config ca.cnf -nodes \ | |
26 | -keyout smrsa3.pem -out req.pem -newkey rsa:2048 | |
27 | $OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ | |
28 | -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa3.pem | |
29 | ||
30 | # Create DSA parameters | |
31 | ||
32 | $OPENSSL dsaparam -out dsap.pem 2048 | |
33 | ||
34 | CN="Test S/MIME EE DSA #1" $OPENSSL req -config ca.cnf -nodes \ | |
35 | -keyout smdsa1.pem -out req.pem -newkey dsa:dsap.pem | |
36 | $OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ | |
37 | -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa1.pem | |
38 | CN="Test S/MIME EE DSA #2" $OPENSSL req -config ca.cnf -nodes \ | |
39 | -keyout smdsa2.pem -out req.pem -newkey dsa:dsap.pem | |
40 | $OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ | |
41 | -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa2.pem | |
42 | CN="Test S/MIME EE DSA #3" $OPENSSL req -config ca.cnf -nodes \ | |
43 | -keyout smdsa3.pem -out req.pem -newkey dsa:dsap.pem | |
44 | $OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ | |
45 | -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa3.pem | |
46 | ||
47 | # Create EC parameters | |
48 | ||
49 | $OPENSSL ecparam -out ecp.pem -name P-256 | |
50 | $OPENSSL ecparam -out ecp2.pem -name K-283 | |
51 | ||
52 | CN="Test S/MIME EE EC #1" $OPENSSL req -config ca.cnf -nodes \ | |
53 | -keyout smec1.pem -out req.pem -newkey ec:ecp.pem | |
54 | $OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ | |
55 | -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec1.pem | |
56 | CN="Test S/MIME EE EC #2" $OPENSSL req -config ca.cnf -nodes \ | |
57 | -keyout smec2.pem -out req.pem -newkey ec:ecp2.pem | |
58 | $OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ | |
59 | -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec2.pem | |
60 | # Remove temp files. | |
61 | rm -f req.pem ecp.pem ecp2.pem dsap.pem smroot.srl |