1$! TESTSS.COM 2$ 3$ __arch := VAX 4$ if f$getsyi("cpu") .ge. 128 then - 5 __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") 6$ if __arch .eqs. "" then __arch := UNK 7$ exe_dir := sys$disk:[-.'__arch'.exe.apps] 8$ 9$ digest="-md5" 10$ reqcmd := mcr 'exe_dir'openssl req 11$ x509cmd := mcr 'exe_dir'openssl x509 'digest' 12$ verifycmd := mcr 'exe_dir'openssl verify 13$ dummycnf := sys$disk:[-.apps]openssl-vms.cnf 14$ 15$ CAkey="""keyCA.ss""" 16$ CAcert="""certCA.ss""" 17$ CAreq="""reqCA.ss""" 18$ CAconf="""CAss.cnf""" 19$ CAreq2="""req2CA.ss""" ! temp 20$ 21$ Uconf="""Uss.cnf""" 22$ Ukey="""keyU.ss""" 23$ Ureq="""reqU.ss""" 24$ Ucert="""certU.ss""" 25$ 26$ write sys$output "" 27$ write sys$output "make a certificate request using 'req'" 28$ 29$ set noon 30$ define/user sys$output nla0: 31$ mcr 'exe_dir'openssl no-rsa 32$ save_severity=$SEVERITY 33$ set on 34$ if save_severity 35$ then 36$ req_new="-newkey dsa:[-.apps]dsa512.pem" 37$ else 38$ req_new="-new" 39$ endif 40$ 41$ 'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' 'req_new' ! -out err.ss 42$ if $severity .ne. 1 43$ then 44$ write sys$output "error using 'req' to generate a certificate request" 45$ exit 3 46$ endif 47$ write sys$output "" 48$ write sys$output "convert the certificate request into a self signed certificate using 'x509'" 49$ define /user sys$output err.ss 50$ 'x509cmd' "-CAcreateserial" -in 'CAreq' -days 30 -req -out 'CAcert' -signkey 'CAkey' 51$ if $severity .ne. 1 52$ then 53$ write sys$output "error using 'x509' to self sign a certificate request" 54$ exit 3 55$ endif 56$ 57$ write sys$output "" 58$ write sys$output "convert a certificate into a certificate request using 'x509'" 59$ define /user sys$output err.ss 60$ 'x509cmd' -in 'CAcert' -x509toreq -signkey 'CAkey' -out 'CAreq2' 61$ if $severity .ne. 1 62$ then 63$ write sys$output "error using 'x509' convert a certificate to a certificate request" 64$ exit 3 65$ endif 66$ 67$ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq' -noout 68$ if $severity .ne. 1 69$ then 70$ write sys$output "first generated request is invalid" 71$ exit 3 72$ endif 73$ 74$ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq2' -noout 75$ if $severity .ne. 1 76$ then 77$ write sys$output "second generated request is invalid" 78$ exit 3 79$ endif 80$ 81$ 'verifycmd' "-CAfile" 'CAcert' 'CAcert' 82$ if $severity .ne. 1 83$ then 84$ write sys$output "first generated cert is invalid" 85$ exit 3 86$ endif 87$ 88$ write sys$output "" 89$ write sys$output "make another certificate request using 'req'" 90$ define /user sys$output err.ss 91$ 'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' 'req_new' 92$ if $severity .ne. 1 93$ then 94$ write sys$output "error using 'req' to generate a certificate request" 95$ exit 3 96$ endif 97$ 98$ write sys$output "" 99$ write sys$output "sign certificate request with the just created CA via 'x509'" 100$ define /user sys$output err.ss 101$ 'x509cmd' "-CAcreateserial" -in 'Ureq' -days 30 -req -out 'Ucert' "-CA" 'CAcert' "-CAkey" 'CAkey' 102$ if $severity .ne. 1 103$ then 104$ write sys$output "error using 'x509' to sign a certificate request" 105$ exit 3 106$ endif 107$ 108$ 'verifycmd' "-CAfile" 'CAcert' 'Ucert' 109$ write sys$output "" 110$ write sys$output "Certificate details" 111$ 'x509cmd' -subject -issuer -startdate -enddate -noout -in 'Ucert' 112$ 113$ write sys$output "" 114$ write sys$output "The generated CA certificate is ",CAcert 115$ write sys$output "The generated CA private key is ",CAkey 116$ 117$ write sys$output "The generated user certificate is ",Ucert 118$ write sys$output "The generated user private key is ",Ukey 119$ 120$ if f$search("err.ss;*") .nes. "" then delete err.ss;* 121