mkcerts.sh revision 256281
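#!/bin/sh
#
# Re-make all of the test certificates: a self-signed PCA, a CA signed by the
# PCA, and two server certificates plus one client certificate signed by the CA.
#
# Usage, as given by the original author:
#   cd apps
#   sh ../util/mkcerts.sh
#   mv ca-cert.pem pca-cert.pem ../certs
#   cd ..
#   cat certs/*.pem >>apps/server.pem
#   cat certs/*.pem >>apps/server2.pem
#   SSLEAY=`pwd`/apps/ssleay; export SSLEAY
#   sh tools/c_rehash certs
#
# SECURITY NOTE: everything produced here is a test fixture. The requests and
# certificates are signed with MD5 and use 512- or 1024-bit RSA keys, and every
# private key is written unencrypted (-nodes) and then appended to its
# certificate. None of this material should be trusted outside a test setup.
# NOTE(review): newer OpenSSL builds may refuse MD5 or keys this small --
# confirm against the openssl binary this script is run with.

# Key files are unencrypted and the final .pem bundles contain them, so make
# every file created below owner-only.
umask 077

CAbits=1024
SSLEAY="../apps/openssl"
CONF="-config ../apps/openssl.cnf"
# Digest used for every request and signature. MD5 is kept so the output
# matches the existing fixtures; it is collision-broken and is the first thing
# to change if these certificates are ever regenerated for anything but tests.
DIGEST="-md5"

# Temporary file used by the final annotation loop; removed on any exit path.
tmp=""
trap '[ -n "$tmp" ] && rm -f -- "$tmp"' EXIT

# Print a message on stderr and abort with status 1.
die() {
  echo "$*" >&2
  exit 1
}

# gen_request BITS KEYFILE REQFILE COMMON_NAME
# Generate a new RSA key of BITS bits (unencrypted) and a certificate request
# for it. The here-document answers the interactive prompts of "req"; a "."
# leaves a field empty and the three trailing blank lines accept the defaults
# for the remaining prompts.
gen_request() {
  # $CONF is deliberately unquoted: it holds two words (-config and the path).
  "$SSLEAY" req $CONF \
    -new "$DIGEST" -newkey "$1" \
    -keyout "$2" \
    -out "$3" -nodes >/dev/null <<EOF
AU
Queensland
.
CryptSoft Pty Ltd
.
$4



EOF
}

# sign_request DAYS SERIALFILE CA_CERT CA_KEY REQFILE OUTFILE
# Sign REQFILE with the given CA certificate and key, valid for DAYS days.
sign_request() {
  "$SSLEAY" x509 "$DIGEST" -days "$1" \
    -req \
    -CAcreateserial -CAserial "$2" \
    -CA "$3" -CAkey "$4" \
    -in "$5" -out "$6"
}

# create pca request.
echo "creating $CAbits bit PCA cert request"
gen_request "$CAbits" pca-key.pem pca-req.pem "Test PCA ($CAbits bit)" ||
  die "problems generating PCA request"

# sign it (self-signed, so -signkey instead of -CA/-CAkey).
echo
echo "self signing PCA"
"$SSLEAY" x509 "$DIGEST" -days 1461 \
  -req -signkey pca-key.pem \
  -CAcreateserial -CAserial pca-cert.srl \
  -in pca-req.pem -out pca-cert.pem ||
  die "problems self signing PCA cert"
echo

# create ca request.
echo "creating $CAbits bit CA cert request"
gen_request "$CAbits" ca-key.pem ca-req.pem "Test CA ($CAbits bit)" ||
  die "problems generating CA request"

# sign it with the PCA.
echo
echo "signing CA"
sign_request 1461 pca-cert.srl pca-cert.pem pca-key.pem ca-req.pem ca-cert.pem ||
  die "problems signing CA cert"
echo

# create 512 bit server request.
echo "creating 512 bit server cert request"
gen_request 512 s512-key.pem s512-req.pem "Server test cert (512 bit)" ||
  die "problems generating 512 bit server cert request"

# sign it.
echo
echo "signing 512 bit server cert"
sign_request 365 ca-cert.srl ca-cert.pem ca-key.pem s512-req.pem server.pem ||
  die "problems signing 512 bit server cert"
echo

# create 1024 bit server request.
echo "creating 1024 bit server cert request"
gen_request 1024 s1024key.pem s1024req.pem "Server test cert (1024 bit)" ||
  die "problems generating 1024 bit server cert request"

# sign it.
echo
echo "signing 1024 bit server cert"
sign_request 365 ca-cert.srl ca-cert.pem ca-key.pem s1024req.pem server2.pem ||
  die "problems signing 1024 bit server cert"
echo

# create 512 bit client request.
echo "creating 512 bit client cert request"
gen_request 512 c512-key.pem c512-req.pem "Client test cert (512 bit)" ||
  die "problems generating 512 bit client cert request"

# sign it.
echo
echo "signing 512 bit client cert"
sign_request 365 ca-cert.srl ca-cert.pem ca-key.pem c512-req.pem client.pem ||
  die "problems signing 512 bit client cert"

echo cleanup

# Append each private key to its certificate so every .pem is a cert+key bundle.
cat pca-key.pem >>pca-cert.pem || die "problems appending key to pca-cert.pem"
cat ca-key.pem >>ca-cert.pem || die "problems appending key to ca-cert.pem"
cat s512-key.pem >>server.pem || die "problems appending key to server.pem"
cat s1024key.pem >>server2.pem || die "problems appending key to server2.pem"
cat c512-key.pem >>client.pem || die "problems appending key to client.pem"

# Prefix every bundle with its issuer and subject lines. The header is built in
# a mktemp file in the current directory (unpredictable name, mode 0600, same
# filesystem as the target) rather than a file named after the shell's PID.
for i in pca-cert.pem ca-cert.pem server.pem server2.pem client.pem
do
  tmp=$(mktemp ./mkcerts.XXXXXX) || die "problems creating temporary file"
  "$SSLEAY" x509 -issuer -subject -in "$i" -noout >"$tmp" ||
    die "problems reading issuer/subject of $i"
  cat "$tmp"
  /bin/cat "$i" >>"$tmp" || die "problems annotating $i"
  /bin/mv "$tmp" "$i" || die "problems replacing $i"
  tmp=""
done

# The intermediate keys, requests and serial files are left in place; note
# that the *key.pem files are unencrypted private keys.
#/bin/rm -f *key.pem *req.pem *.srl

echo Finished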