]>
Commit | Line | Data |
---|---|---|
7d7d2cbc UM |
1 | $! TESTSS.COM |
2 | $ | |
3 | $ __arch := VAX | |
48f48d96 RL |
4 | $ if f$getsyi("cpu") .ge. 128 then - |
5 | __arch := f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") | |
6 | $ if __arch .eqs. "" then __arch := UNK | |
7d7d2cbc UM |
7 | $ exe_dir := sys$disk:[-.'__arch'.exe.apps] |
8 | $ | |
c13ee214 | 9 | $ digest="-md5" |
7d7d2cbc UM |
10 | $ reqcmd := mcr 'exe_dir'openssl req |
11 | $ x509cmd := mcr 'exe_dir'openssl x509 'digest' | |
12 | $ verifycmd := mcr 'exe_dir'openssl verify | |
8c197cc5 | 13 | $ dummycnf := sys$disk:[-.apps]openssl-vms.cnf |
7d7d2cbc UM |
14 | $ |
15 | $ CAkey="""keyCA.ss""" | |
16 | $ CAcert="""certCA.ss""" | |
17 | $ CAreq="""reqCA.ss""" | |
18 | $ CAconf="""CAss.cnf""" | |
19 | $ CAreq2="""req2CA.ss""" ! temp | |
20 | $ | |
21 | $ Uconf="""Uss.cnf""" | |
22 | $ Ukey="""keyU.ss""" | |
23 | $ Ureq="""reqU.ss""" | |
24 | $ Ucert="""certU.ss""" | |
25 | $ | |
26 | $ write sys$output "" | |
27 | $ write sys$output "make a certificate request using 'req'" | |
c13ee214 RL |
28 | $ |
29 | $ set noon | |
30 | $ define/user sys$output nla0: | |
31 | $ mcr 'exe_dir'openssl no-rsa | |
32 | $ save_severity=$SEVERITY | |
33 | $ set on | |
34 | $ if save_severity | |
35 | $ then | |
36 | $ req_new="-newkey dsa:[-.apps]dsa512.pem" | |
37 | $ else | |
38 | $ req_new="-new" | |
39 | $ endif | |
40 | $ | |
41 | $ 'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' 'req_new' ! -out err.ss | |
7d7d2cbc UM |
42 | $ if $severity .ne. 1 |
43 | $ then | |
44 | $ write sys$output "error using 'req' to generate a certificate request" | |
45 | $ exit 3 | |
46 | $ endif | |
47 | $ write sys$output "" | |
48 | $ write sys$output "convert the certificate request into a self signed certificate using 'x509'" | |
49 | $ define /user sys$output err.ss | |
50 | $ 'x509cmd' "-CAcreateserial" -in 'CAreq' -days 30 -req -out 'CAcert' -signkey 'CAkey' | |
51 | $ if $severity .ne. 1 | |
52 | $ then | |
53 | $ write sys$output "error using 'x509' to self sign a certificate request" | |
54 | $ exit 3 | |
55 | $ endif | |
56 | $ | |
57 | $ write sys$output "" | |
58 | $ write sys$output "convert a certificate into a certificate request using 'x509'" | |
59 | $ define /user sys$output err.ss | |
60 | $ 'x509cmd' -in 'CAcert' -x509toreq -signkey 'CAkey' -out 'CAreq2' | |
61 | $ if $severity .ne. 1 | |
62 | $ then | |
63 | $ write sys$output "error using 'x509' convert a certificate to a certificate request" | |
64 | $ exit 3 | |
65 | $ endif | |
66 | $ | |
8c197cc5 | 67 | $ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq' -noout |
7d7d2cbc UM |
68 | $ if $severity .ne. 1 |
69 | $ then | |
70 | $ write sys$output "first generated request is invalid" | |
71 | $ exit 3 | |
72 | $ endif | |
73 | $ | |
8c197cc5 | 74 | $ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq2' -noout |
7d7d2cbc UM |
75 | $ if $severity .ne. 1 |
76 | $ then | |
77 | $ write sys$output "second generated request is invalid" | |
78 | $ exit 3 | |
79 | $ endif | |
80 | $ | |
81 | $ 'verifycmd' "-CAfile" 'CAcert' 'CAcert' | |
82 | $ if $severity .ne. 1 | |
83 | $ then | |
84 | $ write sys$output "first generated cert is invalid" | |
85 | $ exit 3 | |
86 | $ endif | |
87 | $ | |
88 | $ write sys$output "" | |
89 | $ write sys$output "make another certificate request using 'req'" | |
90 | $ define /user sys$output err.ss | |
c13ee214 | 91 | $ 'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' 'req_new' |
7d7d2cbc UM |
92 | $ if $severity .ne. 1 |
93 | $ then | |
94 | $ write sys$output "error using 'req' to generate a certificate request" | |
95 | $ exit 3 | |
96 | $ endif | |
97 | $ | |
98 | $ write sys$output "" | |
99 | $ write sys$output "sign certificate request with the just created CA via 'x509'" | |
100 | $ define /user sys$output err.ss | |
101 | $ 'x509cmd' "-CAcreateserial" -in 'Ureq' -days 30 -req -out 'Ucert' "-CA" 'CAcert' "-CAkey" 'CAkey' | |
102 | $ if $severity .ne. 1 | |
103 | $ then | |
104 | $ write sys$output "error using 'x509' to sign a certificate request" | |
105 | $ exit 3 | |
106 | $ endif | |
107 | $ | |
108 | $ 'verifycmd' "-CAfile" 'CAcert' 'Ucert' | |
109 | $ write sys$output "" | |
110 | $ write sys$output "Certificate details" | |
111 | $ 'x509cmd' -subject -issuer -startdate -enddate -noout -in 'Ucert' | |
112 | $ | |
113 | $ write sys$output "" | |
114 | $ write sys$output "The generated CA certificate is ",CAcert | |
115 | $ write sys$output "The generated CA private key is ",CAkey | |
116 | $ | |
117 | $ write sys$output "The generated user certificate is ",Ucert | |
118 | $ write sys$output "The generated user private key is ",Ukey | |
119 | $ | |
8c197cc5 | 120 | $ if f$search("err.ss;*") .nes. "" then delete err.ss;* |