Commit | Line | Data |
---|---|---|
813f2567 | 1 | #!/bin/sh |
d02b48c6 RE |
2 | |
3 | # This script will re-make all the required certs. | |
4 | # cd apps | |
5 | # sh ../util/mkcerts.sh | |
6 | # mv ca-cert.pem pca-cert.pem ../certs | |
7 | # cd .. | |
8 | # cat certs/*.pem >>apps/server.pem | |
9 | # cat certs/*.pem >>apps/server2.pem | |
10 | # SSLEAY=`pwd`/apps/ssleay; export SSLEAY | |
11 | # sh tools/c_rehash certs | |
12 | # | |
13 | ||
# Settings shared by every step of this script.
#
# CONF holds an option and its argument in one string, so the call sites
# expand it unquoted to let the shell split it into two words.
CONF='-config ../apps/openssl.cnf'
# Path of the openssl binary that every step invokes.
SSLEAY=../apps/openssl
# RSA modulus size, in bits, used for the PCA and CA keys.
# NOTE(review): 1024-bit RSA is below current minimum key sizes; it is
# tolerable here only because the certificates are named as test certs.
CAbits="1024"
d02b48c6 RE |
17 | |
# Test PCA, step 1: generate a key pair and a certificate request.
# The here-document feeds the answers to the prompts of "req"; "." and the
# empty lines are passed through as typed. Which field each answer lands in
# depends on ../apps/openssl.cnf, which is not shown here.
# NOTE(review): -nodes stores pca-key.pem without a passphrase, so the file
# itself is the only protection of the key. Test material only.
echo "creating $CAbits bit PCA cert request"
if ! $SSLEAY req $CONF \
	-new -sha256 -newkey "$CAbits" \
	-keyout pca-key.pem \
	-out pca-req.pem -nodes >/dev/null <<EOF
AU
Queensland
.
CryptSoft Pty Ltd
.
Test PCA (1024 bit)



EOF
then
	echo problems generating PCA request
	exit 1
fi

# Test PCA, step 2: self-sign the request with the key created above.
# -days 36525 gives a lifetime of roughly 100 years; the certificate will
# not expire on its own, so it must never be trusted outside tests.
echo
echo self signing PCA
$SSLEAY x509 -sha256 -days 36525 \
	-req -signkey pca-key.pem \
	-CAcreateserial -CAserial pca-cert.srl \
	-in pca-req.pem -out pca-cert.pem || {
	echo problems self signing PCA cert
	exit 1
}
echo
53 | ||
# Test CA, step 1: generate a key pair and a certificate request.
# The here-document answers the prompts of "req" in order.
# NOTE(review): -nodes leaves ca-key.pem unencrypted on disk.
echo "creating $CAbits bit CA cert request"
if ! $SSLEAY req $CONF \
	-new -sha256 -newkey "$CAbits" \
	-keyout ca-key.pem \
	-out ca-req.pem -nodes >/dev/null <<EOF
AU
Queensland
.
CryptSoft Pty Ltd
.
Test CA (1024 bit)



EOF
then
	echo problems generating CA request
	exit 1
fi

# Test CA, step 2: have the PCA sign the request. The serial number is
# tracked in pca-cert.srl, the same file the PCA step names.
# -days 36525 is roughly 100 years of validity.
echo
echo signing CA
$SSLEAY x509 -sha256 -days 36525 \
	-req \
	-CAcreateserial -CAserial pca-cert.srl \
	-CA pca-cert.pem -CAkey pca-key.pem \
	-in ca-req.pem -out ca-cert.pem || {
	echo problems signing CA cert
	exit 1
}
echo
90 | ||
# 512-bit server certificate, step 1: key pair and certificate request.
# NOTE(review): a 512-bit RSA key offers no real protection (keys of this
# size have been factored publicly) and -nodes stores it unencrypted.
# Keep s512-key.pem and everything derived from it to test fixtures.
echo creating 512 bit server cert request
if ! $SSLEAY req $CONF \
	-new -sha256 -newkey 512 \
	-keyout s512-key.pem \
	-out s512-req.pem -nodes >/dev/null <<EOF
AU
Queensland
.
CryptSoft Pty Ltd
.
Server test cert (512 bit)



EOF
then
	echo problems generating 512 bit server cert request
	exit 1
fi

# 512-bit server certificate, step 2: signed by the test CA and written to
# server.pem; serial numbers are tracked in ca-cert.srl.
# -days 36525 is roughly 100 years of validity.
echo
echo signing 512 bit server cert
$SSLEAY x509 -sha256 -days 36525 \
	-req \
	-CAcreateserial -CAserial ca-cert.srl \
	-CA ca-cert.pem -CAkey ca-key.pem \
	-in s512-req.pem -out server.pem || {
	echo problems signing 512 bit server cert
	exit 1
}
echo
127 | ||
# 1024-bit server certificate, step 1: key pair and certificate request.
# NOTE(review): 1024-bit RSA is below current minimum key sizes and -nodes
# stores s1024key.pem unencrypted. Test material only.
echo creating 1024 bit server cert request
if ! $SSLEAY req $CONF \
	-new -sha256 -newkey 1024 \
	-keyout s1024key.pem \
	-out s1024req.pem -nodes >/dev/null <<EOF
AU
Queensland
.
CryptSoft Pty Ltd
.
Server test cert (1024 bit)



EOF
then
	echo problems generating 1024 bit server cert request
	exit 1
fi

# 1024-bit server certificate, step 2: signed by the test CA and written
# to server2.pem; serial numbers are tracked in ca-cert.srl.
# -days 36525 is roughly 100 years of validity.
echo
echo signing 1024 bit server cert
$SSLEAY x509 -sha256 -days 36525 \
	-req \
	-CAcreateserial -CAserial ca-cert.srl \
	-CA ca-cert.pem -CAkey ca-key.pem \
	-in s1024req.pem -out server2.pem || {
	echo problems signing 1024 bit server cert
	exit 1
}
echo
164 | ||
# 512-bit client certificate, step 1: key pair and certificate request.
# NOTE(review): a 512-bit RSA key offers no real protection and -nodes
# stores c512-key.pem unencrypted. Keep it to test fixtures.
echo creating 512 bit client cert request
if ! $SSLEAY req $CONF \
	-new -sha256 -newkey 512 \
	-keyout c512-key.pem \
	-out c512-req.pem -nodes >/dev/null <<EOF
AU
Queensland
.
CryptSoft Pty Ltd
.
Client test cert (512 bit)



EOF
then
	echo problems generating 512 bit client cert request
	exit 1
fi

# 512-bit client certificate, step 2: signed by the test CA and written to
# client.pem; serial numbers are tracked in ca-cert.srl.
# -days 36525 is roughly 100 years of validity.
echo
echo signing 512 bit client cert
$SSLEAY x509 -sha256 -days 36525 \
	-req \
	-CAcreateserial -CAserial ca-cert.srl \
	-CA ca-cert.pem -CAkey ca-key.pem \
	-in c512-req.pem -out client.pem || {
	echo problems signing 512 bit client cert
	exit 1
}
200 | ||
echo cleanup

# Append every private key to the certificate file it belongs to, one
# "key bundle" pair per line of the here-document.
# NOTE(review): after this step each *.pem bundle, including both CA
# bundles, carries its unencrypted private key. Anyone who can read these
# files can sign as the test PCA/CA, so they must not be trusted or
# deployed outside a test setup.
while read -r key bundle
do
	cat "$key" >> "$bundle"
done <<EOF
pca-key.pem pca-cert.pem
ca-key.pem ca-cert.pem
s512-key.pem server.pem
s1024key.pem server2.pem
c512-key.pem client.pem
EOF
208 | ||
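# Put a readable "issuer=" / "subject=" summary at the top of every bundle.
# The summary is printed to stdout as well.
#
# Changes from the earlier form of this loop:
#  - the scratch file comes from mktemp instead of being named after the
#    shell's PID, so its name cannot be guessed or pre-created; it stays in
#    the current directory so that the final mv is a plain rename;
#  - a failing x509, cat or mv now stops the script like every other step,
#    instead of silently replacing the bundle with a partial file.
# mktemp creates the file readable by its owner only, so the rewritten
# bundles (which contain private keys) end up with those permissions.
for i in pca-cert.pem ca-cert.pem server.pem server2.pem client.pem
do
	tmp=$(mktemp ./mkcerts.XXXXXX)
	if [ $? != 0 ]; then
		echo "problems creating temporary file for $i"
		exit 1
	fi
	if ! $SSLEAY x509 -issuer -subject -in "$i" -noout >"$tmp"; then
		echo "problems reading issuer and subject from $i"
		/bin/rm -f "$tmp"
		exit 1
	fi
	cat "$tmp"
	if ! /bin/cat "$i" >>"$tmp" || ! /bin/mv "$tmp" "$i"; then
		echo "problems rewriting $i"
		/bin/rm -f "$tmp"
		exit 1
	fi
done

# The removal below is disabled, so the standalone *key.pem, *req.pem and
# *.srl files stay in the working directory after the run.
#/bin/rm -f *key.pem *req.pem *.srl

echo Finished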
220 |