]>
Commit | Line | Data |
---|---|---|
7d7d2cbc UM |
1 | $! TESTSS.COM |
2 | $ | |
01d2e27a | 3 | $ __arch = "VAX" |
006c7c6b | 4 | $ if f$getsyi("cpu") .ge. 128 then - |
2de21373 | 5 | __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") |
01d2e27a RL |
6 | $ if __arch .eqs. "" then __arch = "UNK" |
7 | $! | |
8 | $ if (p1 .eqs. "64") then __arch = __arch+ "_64" | |
9 | $! | |
10 | $ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" | |
7d7d2cbc | 11 | $ |
c13ee214 | 12 | $ digest="-md5" |
01d2e27a RL |
13 | $ reqcmd = "mcr ''exe_dir'openssl req" |
14 | $ x509cmd = "mcr ''exe_dir'openssl x509 ''digest'" | |
15 | $ verifycmd = "mcr ''exe_dir'openssl verify" | |
16 | $ dummycnf = "sys$disk:[-.apps]openssl-vms.cnf" | |
7d7d2cbc UM |
17 | $ |
18 | $ CAkey="""keyCA.ss""" | |
19 | $ CAcert="""certCA.ss""" | |
20 | $ CAreq="""reqCA.ss""" | |
21 | $ CAconf="""CAss.cnf""" | |
22 | $ CAreq2="""req2CA.ss""" ! temp | |
23 | $ | |
24 | $ Uconf="""Uss.cnf""" | |
25 | $ Ukey="""keyU.ss""" | |
26 | $ Ureq="""reqU.ss""" | |
27 | $ Ucert="""certU.ss""" | |
28 | $ | |
29 | $ write sys$output "" | |
30 | $ write sys$output "make a certificate request using 'req'" | |
c13ee214 RL |
31 | $ |
32 | $ set noon | |
33 | $ define/user sys$output nla0: | |
34 | $ mcr 'exe_dir'openssl no-rsa | |
35 | $ save_severity=$SEVERITY | |
36 | $ set on | |
37 | $ if save_severity | |
38 | $ then | |
39 | $ req_new="-newkey dsa:[-.apps]dsa512.pem" | |
40 | $ else | |
41 | $ req_new="-new" | |
42 | $ endif | |
43 | $ | |
44 | $ 'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' 'req_new' ! -out err.ss | |
7d7d2cbc UM |
45 | $ if $severity .ne. 1 |
46 | $ then | |
47 | $ write sys$output "error using 'req' to generate a certificate request" | |
48 | $ exit 3 | |
49 | $ endif | |
50 | $ write sys$output "" | |
51 | $ write sys$output "convert the certificate request into a self signed certificate using 'x509'" | |
52 | $ define /user sys$output err.ss | |
53 | $ 'x509cmd' "-CAcreateserial" -in 'CAreq' -days 30 -req -out 'CAcert' -signkey 'CAkey' | |
54 | $ if $severity .ne. 1 | |
55 | $ then | |
56 | $ write sys$output "error using 'x509' to self sign a certificate request" | |
57 | $ exit 3 | |
58 | $ endif | |
59 | $ | |
60 | $ write sys$output "" | |
61 | $ write sys$output "convert a certificate into a certificate request using 'x509'" | |
62 | $ define /user sys$output err.ss | |
63 | $ 'x509cmd' -in 'CAcert' -x509toreq -signkey 'CAkey' -out 'CAreq2' | |
64 | $ if $severity .ne. 1 | |
65 | $ then | |
66 | $ write sys$output "error using 'x509' convert a certificate to a certificate request" | |
67 | $ exit 3 | |
68 | $ endif | |
69 | $ | |
8c197cc5 | 70 | $ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq' -noout |
7d7d2cbc UM |
71 | $ if $severity .ne. 1 |
72 | $ then | |
73 | $ write sys$output "first generated request is invalid" | |
74 | $ exit 3 | |
75 | $ endif | |
76 | $ | |
8c197cc5 | 77 | $ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq2' -noout |
7d7d2cbc UM |
78 | $ if $severity .ne. 1 |
79 | $ then | |
80 | $ write sys$output "second generated request is invalid" | |
81 | $ exit 3 | |
82 | $ endif | |
83 | $ | |
84 | $ 'verifycmd' "-CAfile" 'CAcert' 'CAcert' | |
85 | $ if $severity .ne. 1 | |
86 | $ then | |
87 | $ write sys$output "first generated cert is invalid" | |
88 | $ exit 3 | |
89 | $ endif | |
90 | $ | |
91 | $ write sys$output "" | |
92 | $ write sys$output "make another certificate request using 'req'" | |
93 | $ define /user sys$output err.ss | |
c13ee214 | 94 | $ 'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' 'req_new' |
7d7d2cbc UM |
95 | $ if $severity .ne. 1 |
96 | $ then | |
97 | $ write sys$output "error using 'req' to generate a certificate request" | |
98 | $ exit 3 | |
99 | $ endif | |
100 | $ | |
101 | $ write sys$output "" | |
102 | $ write sys$output "sign certificate request with the just created CA via 'x509'" | |
103 | $ define /user sys$output err.ss | |
104 | $ 'x509cmd' "-CAcreateserial" -in 'Ureq' -days 30 -req -out 'Ucert' "-CA" 'CAcert' "-CAkey" 'CAkey' | |
105 | $ if $severity .ne. 1 | |
106 | $ then | |
107 | $ write sys$output "error using 'x509' to sign a certificate request" | |
108 | $ exit 3 | |
109 | $ endif | |
110 | $ | |
111 | $ 'verifycmd' "-CAfile" 'CAcert' 'Ucert' | |
112 | $ write sys$output "" | |
113 | $ write sys$output "Certificate details" | |
114 | $ 'x509cmd' -subject -issuer -startdate -enddate -noout -in 'Ucert' | |
115 | $ | |
116 | $ write sys$output "" | |
117 | $ write sys$output "The generated CA certificate is ",CAcert | |
118 | $ write sys$output "The generated CA private key is ",CAkey | |
119 | $ | |
120 | $ write sys$output "The generated user certificate is ",Ucert | |
121 | $ write sys$output "The generated user private key is ",Ukey | |
122 | $ | |
8c197cc5 | 123 | $ if f$search("err.ss;*") .nes. "" then delete err.ss;* |