[thirdparty/openssl.git] / util / mkcerts.sh

#!/bin/sh

# This script will re-make all the required certs.
# cd apps
# sh ../util/mkcerts.sh
# mv ca-cert.pem pca-cert.pem ../certs
# cd ..
# cat certs/*.pem >>apps/server.pem
# cat certs/*.pem >>apps/server2.pem
# SSLEAY=`pwd`/apps/ssleay; export SSLEAY
# sh tools/c_rehash certs
#
 
CAbits=1024
SSLEAY="../apps/openssl"
CONF="-config ../apps/openssl.cnf"

# create pca request.
echo creating $CAbits bit PCA cert request
$SSLEAY req $CONF \
	-new -sha256 -newkey $CAbits \
	-keyout pca-key.pem \
	-out pca-req.pem -nodes >/dev/null <<EOF
AU
Queensland
.
CryptSoft Pty Ltd
.
Test PCA (1024 bit)


EOF

if [ $? != 0 ]; then
	echo problems generating PCA request
	exit 1
fi

#sign it.
echo
echo self signing PCA
$SSLEAY x509 -sha256 -days 36525 \
	-req -signkey pca-key.pem \
	-CAcreateserial -CAserial pca-cert.srl \
	-in pca-req.pem -out pca-cert.pem

if [ $? != 0 ]; then
	echo problems self signing PCA cert
	exit 1
fi
echo

# create ca request.
echo creating $CAbits bit CA cert request
$SSLEAY req $CONF \
	-new -sha256 -newkey $CAbits \
	-keyout ca-key.pem \
	-out ca-req.pem -nodes >/dev/null <<EOF
AU
Queensland
.
CryptSoft Pty Ltd
.
Test CA (1024 bit)


EOF

if [ $? != 0 ]; then
	echo problems generating CA request
	exit 1
fi

#sign it.
echo
echo signing CA
$SSLEAY x509 -sha256 -days 36525 \
	-req \
	-CAcreateserial -CAserial pca-cert.srl \
	-CA pca-cert.pem -CAkey pca-key.pem \
	-in ca-req.pem -out ca-cert.pem

if [ $? != 0 ]; then
	echo problems signing CA cert
	exit 1
fi
echo

# create server request.
echo creating 512 bit server cert request
$SSLEAY req $CONF \
	-new -sha256 -newkey 512 \
	-keyout s512-key.pem \
	-out s512-req.pem -nodes >/dev/null <<EOF
AU
Queensland
.
CryptSoft Pty Ltd
.
Server test cert (512 bit)


EOF

if [ $? != 0 ]; then
	echo problems generating 512 bit server cert request
	exit 1
fi

#sign it.
echo
echo signing 512 bit server cert
$SSLEAY x509 -sha256 -days 36525 \
	-req \
	-CAcreateserial -CAserial ca-cert.srl \
	-CA ca-cert.pem -CAkey ca-key.pem \
	-in s512-req.pem -out server.pem

if [ $? != 0 ]; then
	echo problems signing 512 bit server cert
	exit 1
fi
echo

# create 1024 bit server request.
echo creating 1024 bit server cert request
$SSLEAY req $CONF \
	-new -sha256 -newkey 1024 \
	-keyout s1024key.pem \
	-out s1024req.pem -nodes >/dev/null <<EOF
AU
Queensland
.
CryptSoft Pty Ltd
.
Server test cert (1024 bit)


EOF

if [ $? != 0 ]; then
	echo problems generating 1024 bit server cert request
	exit 1
fi

#sign it.
echo
echo signing 1024 bit server cert
$SSLEAY x509 -sha256 -days 36525 \
	-req \
	-CAcreateserial -CAserial ca-cert.srl \
	-CA ca-cert.pem -CAkey ca-key.pem \
	-in s1024req.pem -out server2.pem

if [ $? != 0 ]; then
	echo problems signing 1024 bit server cert
	exit 1
fi
echo

# create 512 bit client request.
echo creating 512 bit client cert request
$SSLEAY req $CONF \
	-new -sha256 -newkey 512 \
	-keyout c512-key.pem \
	-out c512-req.pem -nodes >/dev/null <<EOF
AU
Queensland
.
CryptSoft Pty Ltd
.
Client test cert (512 bit)


EOF

if [ $? != 0 ]; then
	echo problems generating 512 bit client cert request
	exit 1
fi

#sign it.
echo
echo signing 512 bit client cert
$SSLEAY x509 -sha256 -days 36525 \
	-req \
	-CAcreateserial -CAserial ca-cert.srl \
	-CA ca-cert.pem -CAkey ca-key.pem \
	-in c512-req.pem -out client.pem

if [ $? != 0 ]; then
	echo problems signing 512 bit client cert
	exit 1
fi

echo cleanup

cat pca-key.pem  >> pca-cert.pem
cat ca-key.pem   >> ca-cert.pem
cat s512-key.pem >> server.pem
cat s1024key.pem >> server2.pem
cat c512-key.pem >> client.pem

for i in pca-cert.pem ca-cert.pem server.pem server2.pem client.pem
do
$SSLEAY x509 -issuer -subject -in $i -noout >$$
cat $$
/bin/cat $i >>$$
/bin/mv $$ $i
done

#/bin/rm -f *key.pem *req.pem *.srl

echo Finished
Commit	Line	Data
813f2567	1	#!/bin/sh
d02b48c6 RE	2
	3	# This script will re-make all the required certs.
	4	# cd apps
	5	# sh ../util/mkcerts.sh
	6	# mv ca-cert.pem pca-cert.pem ../certs
	7	# cd ..
	8	# cat certs/*.pem >>apps/server.pem
	9	# cat certs/*.pem >>apps/server2.pem
	10	# SSLEAY=`pwd`/apps/ssleay; export SSLEAY
	11	# sh tools/c_rehash certs
	12	#
	13
	14	CAbits=1024
813f2567 LJ	15	SSLEAY="../apps/openssl"
813f2567 LJ	16	CONF="-config ../apps/openssl.cnf"
d02b48c6 RE	17
	18	# create pca request.
	19	echo creating $CAbits bit PCA cert request
	20	$SSLEAY req $CONF \
d9e309a6	21	-new -sha256 -newkey $CAbits \
d02b48c6 RE	22	-keyout pca-key.pem \
	23	-out pca-req.pem -nodes >/dev/null <<EOF
	24	AU
	25	Queensland
	26	.
	27	CryptSoft Pty Ltd
	28	.
	29	Test PCA (1024 bit)
	30
	31
	32
	33	EOF
	34
	35	if [ $? != 0 ]; then
	36	echo problems generating PCA request
	37	exit 1
	38	fi
	39
	40	#sign it.
	41	echo
	42	echo self signing PCA
d9e309a6	43	$SSLEAY x509 -sha256 -days 36525 \
d02b48c6 RE	44	-req -signkey pca-key.pem \
	45	-CAcreateserial -CAserial pca-cert.srl \
	46	-in pca-req.pem -out pca-cert.pem
	47
	48	if [ $? != 0 ]; then
	49	echo problems self signing PCA cert
	50	exit 1
	51	fi
	52	echo
	53
	54	# create ca request.
	55	echo creating $CAbits bit CA cert request
	56	$SSLEAY req $CONF \
d9e309a6	57	-new -sha256 -newkey $CAbits \
d02b48c6 RE	58	-keyout ca-key.pem \
	59	-out ca-req.pem -nodes >/dev/null <<EOF
	60	AU
	61	Queensland
	62	.
	63	CryptSoft Pty Ltd
	64	.
	65	Test CA (1024 bit)
	66
	67
	68
	69	EOF
	70
	71	if [ $? != 0 ]; then
	72	echo problems generating CA request
	73	exit 1
	74	fi
	75
	76	#sign it.
	77	echo
	78	echo signing CA
d9e309a6	79	$SSLEAY x509 -sha256 -days 36525 \
d02b48c6 RE	80	-req \
	81	-CAcreateserial -CAserial pca-cert.srl \
	82	-CA pca-cert.pem -CAkey pca-key.pem \
	83	-in ca-req.pem -out ca-cert.pem
	84
	85	if [ $? != 0 ]; then
	86	echo problems signing CA cert
	87	exit 1
	88	fi
	89	echo
	90
	91	# create server request.
	92	echo creating 512 bit server cert request
	93	$SSLEAY req $CONF \
d9e309a6	94	-new -sha256 -newkey 512 \
d02b48c6 RE	95	-keyout s512-key.pem \
	96	-out s512-req.pem -nodes >/dev/null <<EOF
	97	AU
	98	Queensland
	99	.
	100	CryptSoft Pty Ltd
	101	.
	102	Server test cert (512 bit)
	103
	104
	105
	106	EOF
	107
	108	if [ $? != 0 ]; then
	109	echo problems generating 512 bit server cert request
	110	exit 1
	111	fi
	112
	113	#sign it.
	114	echo
	115	echo signing 512 bit server cert
d9e309a6	116	$SSLEAY x509 -sha256 -days 36525 \
d02b48c6 RE	117	-req \
	118	-CAcreateserial -CAserial ca-cert.srl \
	119	-CA ca-cert.pem -CAkey ca-key.pem \
	120	-in s512-req.pem -out server.pem
	121
	122	if [ $? != 0 ]; then
	123	echo problems signing 512 bit server cert
	124	exit 1
	125	fi
	126	echo
	127
	128	# create 1024 bit server request.
	129	echo creating 1024 bit server cert request
	130	$SSLEAY req $CONF \
d9e309a6	131	-new -sha256 -newkey 1024 \
d02b48c6 RE	132	-keyout s1024key.pem \
	133	-out s1024req.pem -nodes >/dev/null <<EOF
	134	AU
	135	Queensland
	136	.
	137	CryptSoft Pty Ltd
	138	.
	139	Server test cert (1024 bit)
	140
	141
	142
	143	EOF
	144
	145	if [ $? != 0 ]; then
	146	echo problems generating 1024 bit server cert request
	147	exit 1
	148	fi
	149
	150	#sign it.
	151	echo
	152	echo signing 1024 bit server cert
d9e309a6	153	$SSLEAY x509 -sha256 -days 36525 \
d02b48c6 RE	154	-req \
	155	-CAcreateserial -CAserial ca-cert.srl \
	156	-CA ca-cert.pem -CAkey ca-key.pem \
	157	-in s1024req.pem -out server2.pem
	158
	159	if [ $? != 0 ]; then
	160	echo problems signing 1024 bit server cert
	161	exit 1
	162	fi
	163	echo
	164
	165	# create 512 bit client request.
	166	echo creating 512 bit client cert request
	167	$SSLEAY req $CONF \
d9e309a6	168	-new -sha256 -newkey 512 \
d02b48c6 RE	169	-keyout c512-key.pem \
	170	-out c512-req.pem -nodes >/dev/null <<EOF
	171	AU
	172	Queensland
	173	.
	174	CryptSoft Pty Ltd
	175	.
	176	Client test cert (512 bit)
	177
	178
	179
	180	EOF
	181
	182	if [ $? != 0 ]; then
	183	echo problems generating 512 bit client cert request
	184	exit 1
	185	fi
	186
	187	#sign it.
	188	echo
	189	echo signing 512 bit client cert
d9e309a6	190	$SSLEAY x509 -sha256 -days 36525 \
d02b48c6 RE	191	-req \
	192	-CAcreateserial -CAserial ca-cert.srl \
	193	-CA ca-cert.pem -CAkey ca-key.pem \
	194	-in c512-req.pem -out client.pem
	195
	196	if [ $? != 0 ]; then
	197	echo problems signing 512 bit client cert
	198	exit 1
	199	fi
	200
	201	echo cleanup
	202
	203	cat pca-key.pem >> pca-cert.pem
	204	cat ca-key.pem >> ca-cert.pem
	205	cat s512-key.pem >> server.pem
	206	cat s1024key.pem >> server2.pem
	207	cat c512-key.pem >> client.pem
	208
	209	for i in pca-cert.pem ca-cert.pem server.pem server2.pem client.pem
	210	do
	211	$SSLEAY x509 -issuer -subject -in $i -noout >$$
	212	cat $$
	213	/bin/cat $i >>$$
	214	/bin/mv $$ $i
	215	done
	216
	217	#/bin/rm -f key.pem req.pem *.srl
	218
	219	echo Finished
	220