# Directory the CA keeps a copy of every issued cert in; -p keeps re-runs idempotent.
mkdir -p -- test-ca/newcerts

printf '%s\n' "---[ Update server certificates ]---------------------------------------"
12 sed "s/#@CN@/commonName_default = server.w1.fi/" |
13 sed "s/#@ALTNAME@/subjectAltName=DNS:server.w1.fi/" \
# Issue server.pem from server.csr with the test CA, using the ext_server
# profile from the openssl.cnf.tmp generated just above; -batch skips the
# interactive "sign?" / "commit?" prompts.
$OPENSSL ca -config "$PWD/openssl.cnf.tmp" -batch \
  -in server.csr -out server.pem -extensions ext_server

# PKCS#12 bundles of the server key+cert consumed by the tests.  These are
# throwaway fixtures: the first has an EMPTY export passphrase ("pass:") and the
# second the trivial "whatever" -- do not reuse them outside the test tree.
$OPENSSL pkcs12 -export -in server.pem -inkey server.key \
  -out server.pkcs12 -passout pass:
# Variant that also carries user.pem as an extra certificate, a friendly name,
# and -descert (openssl's legacy 3DES encryption of the certificate bag) --
# presumably to exercise a parser path for such bundles; confirm in the tests.
$OPENSSL pkcs12 -export -in server.pem -inkey server.key -certfile user.pem \
  -descert -name server -out server-extra.pkcs12 -passout pass:whatever
21 sed "s/#@CN@/commonName_default = server3.w1.fi/" \
# Server cert issued from a CSR whose config edit above sets only the CN
# (server3.w1.fi) and no DNS subjectAltName -- by its name, presumably a
# negative fixture for hostname matching; confirm against the test using it.
$OPENSSL ca -config "$PWD/openssl.cnf.tmp" -batch \
  -in server-no-dnsname.csr -out server-no-dnsname.pem -extensions ext_server
26 sed "s/#@CN@/commonName_default = server5.w1.fi/" \
# "Server" cert (CN server5.w1.fi) deliberately issued with the ext_client
# profile rather than ext_server -- presumably a negative EKU test case.
$OPENSSL ca -config "$PWD/openssl.cnf.tmp" -batch \
  -in server-eku-client.csr -out server-eku-client.pem -extensions ext_client
31 sed "s/#@CN@/commonName_default = server6.w1.fi/" \
# Server cert (CN server6.w1.fi) issued with the combined client+server
# extension profile.
$OPENSSL ca -config "$PWD/openssl.cnf.tmp" -batch \
  -in server-eku-client-server.csr -out server-eku-client-server.pem \
  -extensions ext_client_server
36 sed "s/#@CN@/commonName_default = server-policies.w1.fi/" |
37 sed "s/#@ALTNAME@/subjectAltName=DNS:server-policies.w1.fi/" |
38 sed "s/#@CERTPOL@/certificatePolicies = 1.3.6.1.4.1.40808.1.3.1/" \
# The CSR is not regenerated here; the command kept below (commented out) shows
# how it was made: 3072-bit RSA, unencrypted key (-nodes), SHA-256 signature.
#$OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:3072 -nodes -keyout server-certpol.key -out server-certpol.csr -outform PEM -sha256
# Issue with ext_server; the config edit above injects
# certificatePolicies = 1.3.6.1.4.1.40808.1.3.1 into the profile.
$OPENSSL ca -config "$PWD/openssl.cnf.tmp" -batch \
  -in server-certpol.csr -out server-certpol.pem -extensions ext_server
44 sed "s/#@CN@/commonName_default = server-policies2.w1.fi/" |
45 sed "s/#@ALTNAME@/subjectAltName=DNS:server-policies2.w1.fi/" |
46 sed "s/#@CERTPOL@/certificatePolicies = 1.3.6.1.4.1.40808.1.3.2/" \
# As for server-certpol above: CSR made once with the command kept below
# (3072-bit RSA, unencrypted key, SHA-256), not regenerated on each run.
#$OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:3072 -nodes -keyout server-certpol2.key -out server-certpol2.csr -outform PEM -sha256
# Issue with ext_server; the config edit above injects
# certificatePolicies = 1.3.6.1.4.1.40808.1.3.2 (a different policy OID).
$OPENSSL ca -config "$PWD/openssl.cnf.tmp" -batch \
  -in server-certpol2.csr -out server-certpol2.pem -extensions ext_server
printf '%s\n' "---[ Update user certificates ]-----------------------------------------"

# openssl2.cnf is the user-cert template; fill in its CN placeholder and issue
# user.pem with the ext_client profile.
sed "s/#@CN@/commonName_default = User/" openssl2.cnf > openssl.cnf.tmp
$OPENSSL ca -config "$PWD/openssl.cnf.tmp" -batch \
  -in user.csr -out user.pem -extensions ext_client

# Three PKCS#12 packagings of the same user key+cert, all with the trivial test
# passphrase "whatever" and -descert (legacy 3DES cert-bag encryption): a bare
# one, one with friendly name "Test" plus the server cert attached, and one
# named "my certificates" with the CA cert attached.  Test fixtures only.
$OPENSSL pkcs12 -export -in user.pem -inkey user.key -descert \
  -out user.pkcs12 -passout pass:whatever
$OPENSSL pkcs12 -export -in user.pem -inkey user.key -descert \
  -name Test -certfile server.pem -out user2.pkcs12 -passout pass:whatever
$OPENSSL pkcs12 -export -in user.pem -inkey user.key -descert \
  -name "my certificates" -certfile ca.pem -out user3.pkcs12 -passout pass:whatever
printf '%s\n' "---[ Update OCSP ]------------------------------------------------------"

# Build a DER OCSP request for server.pem against the test CA.  -no_nonce omits
# the request nonce -- presumably so the cached response built next is not tied
# to a one-off value; confirm against how the tests replay it.
$OPENSSL ocsp -CAfile test-ca/cacert.pem -issuer test-ca/cacert.pem \
  -cert server.pem -no_nonce -reqout ocsp-req.der
# Answer that request locally from the CA database, signing with the CA key,
# and store the DER response as the test's pre-built cache.  -resp_no_certs
# leaves the signer certificate out of the response, so whatever verifies it
# must already trust test-ca/cacert.pem.
$OPENSSL ocsp -index test-ca/index.txt -CA test-ca/cacert.pem \
  -rsigner test-ca/cacert.pem -rkey test-ca/private/cakey.pem \
  -resp_no_certs -reqin ocsp-req.der -respout ocsp-server-cache.der
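# Wrap the single cached response in the "multi" cache layout the tests also
# load: a 3-byte big-endian length prefix followed by the DER response.
#
# ocsp_len_prefix N -- write N as three big-endian bytes to stdout.
# Returns 1 and writes nothing unless N is a decimal integer in [0, 2^24).
# The previous "000" + bc-hex + xxd construction only produced a correct prefix
# when the hex form of the size was exactly three digits (0x100..0xfff): fewer
# or more digits gave an odd-length hex string that xxd -r -ps mis-decoded.
ocsp_len_prefix() {
  local n=$1
  if ! [[ $n =~ ^[0-9]+$ ]] || (( ${#n} > 8 || n > 0xffffff )); then
    return 1
  fi
  # %b expands \0NNN octal escapes, so no xxd/bc dependency is needed here.
  printf '%b' "$(printf '\\0%03o\\0%03o\\0%03o' \
    $(( n >> 16 & 255 )) $(( n >> 8 & 255 )) $(( n & 255 )))"
}

# Byte count via wc rather than parsing ls -l columns; the arithmetic
# re-assignment strips the leading blanks some wc implementations print.
SIZ=$(wc -c < ocsp-server-cache.der)
SIZ=$(( SIZ ))
if ocsp_len_prefix "$SIZ" > ocsp-multi-server-cache.der; then
  cat ocsp-server-cache.der >> ocsp-multi-server-cache.der
else
  echo "ocsp-server-cache.der is too large for a 3-byte length prefix" >&2
  rm -f -- ocsp-multi-server-cache.der
fi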
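printf '%s\n' "---[ Additional steps ]-------------------------------------------------"

printf '%s\n' "test_ap_eap.py: ap_wpa2_eap_ttls_server_cert_hash srv_cert_hash"

# sha256_hex FILE -- print only the lowercase hex SHA-256 of FILE.
sha256_hex() {
  sha256sum -- "$1" | cut -d' ' -f1
}

# test_ap_eap.py pins the server certificate by the SHA-256 of its DER
# encoding; regenerate server.der and rewrite the pinned value in place.
$OPENSSL x509 -in server.pem -outform DER -out server.der
HASH=$(sha256_hex server.der)
# Only edit the test file when a real digest was produced: previously a failed
# x509/sha256sum step left HASH empty and the sed silently pinned "".
if [[ $HASH =~ ^[0-9a-f]{64}$ ]]; then
  sed -i "s/srv_cert_hash =.*/srv_cert_hash = \"$HASH\"/" ../test_ap_eap.py
else
  echo "could not hash server.der; ../test_ap_eap.py left unchanged" >&2
fi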
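printf '%s\n' "index.txt: server time+serial"

# refresh_index_line PATTERN SRC DST -- rewrite DST so that every line
# containing PATTERN is replaced by the last such line of SRC (other lines of
# DST are kept in order).  DST may not exist yet; SRC must.  Returns 1 and
# leaves DST untouched when SRC is missing.  PATTERN is matched literally (-F),
# so the dots in a hostname are not regex wildcards.
refresh_index_line() {
  local pat=$1 src=$2 dst=$3
  [[ -f $src ]] || return 1
  {
    [[ -f $dst ]] && grep -v -F -- "$pat" "$dst"
    grep -F -- "$pat" "$src" | tail -1
  } > "$dst.new" && mv -- "$dst.new" "$dst"
}

# The local index.txt mirrors the CA database only for the server.w1.fi entry;
# pull in the newest issuance (time + serial) from test-ca/index.txt.  Previously
# a missing test-ca/index.txt truncated index.txt instead of being reported.
refresh_index_line "CN=server.w1.fi" test-ca/index.txt index.txt ||
  echo "test-ca/index.txt missing; index.txt left unchanged" >&2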
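printf '%s\n' "start.sh: openssl ocsp -reqout serial"

# latest_serial PATTERN INDEX -- print the serial (4th tab-separated column of
# an OpenSSL CA index.txt) of the last line of INDEX containing PATTERN
# (matched literally).  Returns 1 without output when there is no such line,
# INDEX is unreadable, or the column is not a hex string.
latest_serial() {
  local serial
  serial=$(grep -F -- "$1" "$2" | tail -1 | cut -f4)
  [[ $serial =~ ^[0-9A-Fa-f]+$ ]] || return 1
  printf '%s\n' "$serial"
}

# ../start.sh carries a "serial 0x... -no_nonce" argument; point it at the
# freshly issued server.w1.fi certificate.  Skip the edit when no valid serial
# is found -- the sed would otherwise write the nonsensical "serial 0x -no_nonce".
if SERIAL=$(latest_serial "CN=server.w1.fi" test-ca/index.txt); then
  sed -i "s/serial 0x[^ ]* -no_nonce/serial 0x$SERIAL -no_nonce/" ../start.sh
else
  echo "no server.w1.fi serial in test-ca/index.txt; ../start.sh left unchanged" >&2
fi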