]>
git.ipfire.org Git - thirdparty/openssl.git/blob - test/certs/mkcert.sh
3 # Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
4 # Copyright (c) 2016 Viktor Dukhovni <openssl-users@dukhovni.org>.
7 # Licensed under the OpenSSL license (the "License"). You may not use
8 # this file except in compliance with the License. You can obtain a copy
9 # in the file LICENSE in the source distribution or at
10 # https://www.openssl.org/source/license.html
12 # This file is dual-licensed and is also available under other terms.
13 # Please contact the author.
15 # 100 years should be enough for now
16 if [ -z "$DAYS" ]; then
20 if [ -z "$OPENSSL_SIGALG" ]; then
24 if [ -z "$REQMASK" ]; then
30 err
=$
("$@" >&3 2>&1) ||
{
31 printf "%s\n" "$err" >&2
41 if [ -n "$OPENSSL_KEYALG" ]; then
46 if [ -n "$OPENSSL_KEYBITS" ]; then
50 if [ ! -f "${key}.pem" ]; then
51 args
=(-algorithm "$alg")
53 rsa
) args
=("${args[@]}" -pkeyopt rsa_keygen_bits
:$bits );;
54 ec
) args
=("${args[@]}" -pkeyopt "ec_paramgen_curve:$bits")
55 args
=("${args[@]}" -pkeyopt ec_param_enc
:named_curve
);;
56 dsa
) args
=(-paramfile "$bits");;
58 *) printf "Unsupported key algorithm: %s\n" "$alg" >&2; return 1;;
61 openssl genpkey
"${args[@]}" -out "${key}.pem"
65 # Usage: $0 req keyname dn1 dn2 ...
73 openssl req
-new -"${OPENSSL_SIGALG}" -key "${key}.pem" \
74 -config <(printf "string_mask=%s\n[req]\n%s\n%s\n[dn]\n" \
75 "$REQMASK" "prompt = no" "distinguished_name = dn"
76 for dn
in "$@"; do echo "$dn"; done)
84 openssl req
-new -"${OPENSSL_SIGALG}" -subj / -key "${key}.pem" \
85 -config <(printf "[req]\n%s\n[dn]\nCN_default =\n" \
86 "distinguished_name = dn")
94 openssl x509
-req -"${OPENSSL_SIGALG}" -out "${cert}.pem" \
95 -extfile <(printf "%s\n" "$exts") "$@"
102 local skid
="subjectKeyIdentifier = hash"
103 local akid
="authorityKeyIdentifier = keyid"
105 exts
=$
(printf "%s\n%s\n%s\n" "$skid" "$akid" "basicConstraints = critical,CA:true")
108 exts
=$
(printf "%s\nextendedKeyUsage = %s\n" "$exts" "$eku")
110 csr
=$
(req
"$key" "CN = $cn") ||
return 1
112 cert
"$cert" "$exts" -signkey "${key}.pem" -set_serial 1 -days "${DAYS}"
119 local cakey
=$1; shift
120 local cacert
=$1; shift
121 local skid
="subjectKeyIdentifier = hash"
122 local akid
="authorityKeyIdentifier = keyid"
124 exts
=$
(printf "%s\n%s\n%s\n" "$skid" "$akid" "basicConstraints = critical,CA:true")
127 exts
=$
(printf "%s\nextendedKeyUsage = %s\n" "$exts" "$eku")
129 if [ -n "$NC" ]; then
130 exts
=$
(printf "%s\nnameConstraints = %s\n" "$exts" "$NC")
132 csr
=$
(req
"$key" "CN = $cn") ||
return 1
134 cert
"$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \
135 -set_serial 2 -days "${DAYS}"
142 local cakey
=$1; shift
143 local cacert
=$1; shift
144 local skid
="subjectKeyIdentifier = hash"
145 local akid
="authorityKeyIdentifier = keyid"
147 exts
=$
(printf "%s\n%s\n%s\n" "$skid" "$akid")
148 exts
=$
(printf "%s\nkeyUsage = %s\n" "$exts" "keyCertSign, cRLSign")
151 exts
=$
(printf "%s\nextendedKeyUsage = %s\n" "$exts" "$eku")
153 csr
=$
(req
"$key" "CN = $cn") ||
return 1
155 cert
"$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \
156 -set_serial 2 -days "${DAYS}"
159 # Usage: $0 genpc keyname certname eekeyname eecertname pcext1 pcext2 ...
161 # Note: takes csr on stdin, so must be used with $0 req like this:
163 # $0 req keyname dn | $0 genpc keyname certname eekeyname eecertname pcext ...
167 local cakey
=$1; shift
170 exts
=$
(printf "%s\n%s\n%s\n%s\n" \
171 "subjectKeyIdentifier = hash" \
172 "authorityKeyIdentifier = keyid, issuer:always" \
173 "basicConstraints = CA:false" \
174 "proxyCertInfo = critical, @pcexts";
176 for x
in "$@"; do echo $x; done)
177 cert
"$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \
178 -set_serial 2 -days "${DAYS}"
181 # Usage: $0 geneealt keyname certname eekeyname eecertname alt1 alt2 ...
183 # Note: takes csr on stdin, so must be used with $0 req like this:
185 # $0 req keyname dn | $0 geneealt keyname certname eekeyname eecertname alt ...
189 local cakey
=$1; shift
192 exts
=$
(printf "%s\n%s\n%s\n%s\n" \
193 "subjectKeyIdentifier = hash" \
194 "authorityKeyIdentifier = keyid" \
195 "basicConstraints = CA:false" \
196 "subjectAltName = @alts";
198 for x
in "$@"; do echo $x; done)
199 cert
"$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \
200 -set_serial 2 -days "${DAYS}"
205 local purpose
=serverAuth
210 p
) purpose
="$OPTARG";;
211 *) echo "Usage: $0 genee [-p EKU] cn keyname certname cakeyname cacertname" >&2
216 shift $
((OPTIND
- 1))
220 local cakey
=$1; shift
223 exts
=$
(printf "%s\n%s\n%s\n%s\n%s\n[alts]\n%s\n" \
224 "subjectKeyIdentifier = hash" \
225 "authorityKeyIdentifier = keyid, issuer" \
226 "basicConstraints = CA:false" \
227 "extendedKeyUsage = $purpose" \
228 "subjectAltName = @alts" "DNS=${cn}")
229 csr
=$
(req
"$key" "CN = $cn") ||
return 1
231 cert
"$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \
232 -set_serial 2 -days "${DAYS}" "$@"
240 exts
=$
(printf "%s\n%s\n%s\n%s\n%s\n[alts]\n%s\n" \
241 "subjectKeyIdentifier = hash" \
242 "authorityKeyIdentifier = keyid, issuer" \
243 "basicConstraints = CA:false" \
244 "extendedKeyUsage = serverAuth" \
245 "subjectAltName = @alts" "DNS=${cn}")
246 csr
=$
(req
"$key" "CN = $cn") ||
return 1
248 cert
"$cert" "$exts" -signkey "${key}.pem" \
249 -set_serial 1 -days "${DAYS}" "$@"
256 csr
=$
(req_nocn
"$key") ||
return 1
258 cert
"$cert" "" -signkey "${key}.pem" -set_serial 1 -days -1 "$@"
projects / thirdparty / openssl.git / blob