[thirdparty/openssl.git] / test / smime-certs / mksmime-certs.sh

#!/bin/sh

# Utility to recreate S/MIME certificates

OPENSSL=../../apps/openssl
OPENSSL_CONF=./ca.cnf
export OPENSSL_CONF

# Root CA: create certificate directly
CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -nodes \
	-keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 3650

# EE RSA certificates: create request first
CN="Test S/MIME EE RSA #1" $OPENSSL req -config ca.cnf -nodes \
	-keyout smrsa1.pem -out req.pem -newkey rsa:2048
# Sign request: end entity extensions
$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa1.pem

CN="Test S/MIME EE RSA #2" $OPENSSL req -config ca.cnf -nodes \
	-keyout smrsa2.pem -out req.pem -newkey rsa:2048
$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa2.pem

CN="Test S/MIME EE RSA #3" $OPENSSL req -config ca.cnf -nodes \
	-keyout smrsa3.pem -out req.pem -newkey rsa:2048
$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa3.pem

# Create DSA parameters

$OPENSSL dsaparam -out dsap.pem 2048

CN="Test S/MIME EE DSA #1" $OPENSSL req -config ca.cnf -nodes \
	-keyout smdsa1.pem -out req.pem -newkey dsa:dsap.pem
$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa1.pem
CN="Test S/MIME EE DSA #2" $OPENSSL req -config ca.cnf -nodes \
	-keyout smdsa2.pem -out req.pem -newkey dsa:dsap.pem
$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa2.pem
CN="Test S/MIME EE DSA #3" $OPENSSL req -config ca.cnf -nodes \
	-keyout smdsa3.pem -out req.pem -newkey dsa:dsap.pem
$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa3.pem

# Create EC parameters

$OPENSSL ecparam -out ecp.pem -name P-256
$OPENSSL ecparam -out ecp2.pem -name K-283

CN="Test S/MIME EE EC #1" $OPENSSL req -config ca.cnf -nodes \
	-keyout smec1.pem -out req.pem -newkey ec:ecp.pem
$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec1.pem
CN="Test S/MIME EE EC #2" $OPENSSL req -config ca.cnf -nodes \
	-keyout smec2.pem -out req.pem -newkey ec:ecp2.pem
$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec2.pem
# Remove temp files.
rm -f req.pem ecp.pem ecp2.pem dsap.pem smroot.srl
Commit	Line	Data
a0957d55 DSH	1	#!/bin/sh
	2
	3	# Utility to recreate S/MIME certificates
	4
	5	OPENSSL=../../apps/openssl
	6	OPENSSL_CONF=./ca.cnf
	7	export OPENSSL_CONF
	8
	9	# Root CA: create certificate directly
	10	CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -nodes \
	11	-keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 3650
	12
	13	# EE RSA certificates: create request first
	14	CN="Test S/MIME EE RSA #1" $OPENSSL req -config ca.cnf -nodes \
	15	-keyout smrsa1.pem -out req.pem -newkey rsa:2048
	16	# Sign request: end entity extensions
	17	$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
	18	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa1.pem
	19
	20	CN="Test S/MIME EE RSA #2" $OPENSSL req -config ca.cnf -nodes \
	21	-keyout smrsa2.pem -out req.pem -newkey rsa:2048
	22	$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
	23	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa2.pem
	24
	25	CN="Test S/MIME EE RSA #3" $OPENSSL req -config ca.cnf -nodes \
	26	-keyout smrsa3.pem -out req.pem -newkey rsa:2048
	27	$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
	28	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa3.pem
	29
	30	# Create DSA parameters
	31
	32	$OPENSSL dsaparam -out dsap.pem 2048
	33
	34	CN="Test S/MIME EE DSA #1" $OPENSSL req -config ca.cnf -nodes \
	35	-keyout smdsa1.pem -out req.pem -newkey dsa:dsap.pem
	36	$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
	37	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa1.pem
	38	CN="Test S/MIME EE DSA #2" $OPENSSL req -config ca.cnf -nodes \
	39	-keyout smdsa2.pem -out req.pem -newkey dsa:dsap.pem
	40	$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
	41	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa2.pem
	42	CN="Test S/MIME EE DSA #3" $OPENSSL req -config ca.cnf -nodes \
	43	-keyout smdsa3.pem -out req.pem -newkey dsa:dsap.pem
	44	$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
	45	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa3.pem
	46
	47	# Create EC parameters
	48
	49	$OPENSSL ecparam -out ecp.pem -name P-256
	50	$OPENSSL ecparam -out ecp2.pem -name K-283
	51
	52	CN="Test S/MIME EE EC #1" $OPENSSL req -config ca.cnf -nodes \
	53	-keyout smec1.pem -out req.pem -newkey ec:ecp.pem
	54	$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
	55	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec1.pem
	56	CN="Test S/MIME EE EC #2" $OPENSSL req -config ca.cnf -nodes \
	57	-keyout smec2.pem -out req.pem -newkey ec:ecp2.pem
	58	$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
	59	-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec2.pem
	60	# Remove temp files.
	61	rm -f req.pem ecp.pem ecp2.pem dsap.pem smroot.srl