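#!/bin/sh
#
# Generates a disposable RSA test PKI under $CERTS_DIR: a self-signed CA,
# plus one server and one client certificate signed by that CA.
#
# Every key is 1024-bit RSA and is written unencrypted (-nodes), and the CA
# private key stays on disk next to the certificates. The output is meant for
# test fixtures only; the key size is part of the file names and subject DNs,
# so it is kept as is rather than raised here.

# Stop at the first failing command (and on any unset variable) so that a
# failed CA step is not followed by signing attempts against missing files.
set -eu

# Path to the openssl distribution
OPENSSL_DIR=../..
# Path to the openssl program
OPENSSL_CMD=$OPENSSL_DIR/apps/openssl
# Option to find configuration file (two words; expanded unquoted on purpose)
OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf"
# Directory where certificates are stored
CERTS_DIR=./Certs
# Directory where private key files are stored
KEYS_DIR=$CERTS_DIR
# Directory where combo files (containing a certificate and corresponding
# private key together) are stored
COMBO_DIR=$CERTS_DIR
# cat command
CAT=/bin/cat
# rm command
RM=/bin/rm
# mkdir command
MKDIR=/bin/mkdir
# The certificate will expire these many days after the issue date.
DAYS=1500
TEST_CA_FILE=rsa1024TestCA
TEST_CA_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test CA (1024 bit RSA)"

TEST_SERVER_FILE=rsa1024TestServer
TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (1024 bit RSA)"

TEST_CLIENT_FILE=rsa1024TestClient
TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (1024 bit RSA)"

# Generating an RSA certificate here involves the following main steps
# 1. Generating a key pair and a certificate request
# 2. Signing the certificate request
# 3. [Optional] One can combine the cert and private key into a single
#    file and also delete the certificate request

#######################################
# Create a new RSA key and certificate request.
# Arguments: $1 - file base name, $2 - subject DN
# Outputs:   $KEYS_DIR/$1.key.pem and $CERTS_DIR/$1.req.pem
#######################################
new_request() {
  # Drop any key left by an earlier run so the umask below decides its mode.
  "$RM" -f "$KEYS_DIR/$1.key.pem"
  (
    # The key is stored unencrypted; keep it unreadable to other accounts
    # regardless of the umask the script was started with.
    umask 077
    # shellcheck disable=SC2086 # OPENSSL_CNF must split into option + path
    "$OPENSSL_CMD" req $OPENSSL_CNF -nodes -subj "$2" \
      -keyout "$KEYS_DIR/$1.key.pem" \
      -newkey rsa:1024 -new \
      -out "$CERTS_DIR/$1.req.pem"
  )
}

#######################################
# Sign a pending request with the test CA.
# Arguments: $1 - file base name of the request
# Outputs:   $CERTS_DIR/$1.cert.pem
#######################################
sign_with_ca() {
  "$OPENSSL_CMD" x509 -req -days "$DAYS" \
    -in "$CERTS_DIR/$1.req.pem" \
    -CA "$CERTS_DIR/$TEST_CA_FILE.cert.pem" \
    -CAkey "$KEYS_DIR/$TEST_CA_FILE.key.pem" \
    -out "$CERTS_DIR/$1.cert.pem" -CAcreateserial
}

#######################################
# Display a certificate, build its combo file and remove its request.
# Arguments: $1 - file base name
# Outputs:   certificate text on stdout; $COMBO_DIR/$1.pem
#######################################
finish_cert() {
  # Display the certificate
  "$OPENSSL_CMD" x509 -in "$CERTS_DIR/$1.cert.pem" -text

  # Place the certificate and key in a common file. The combo file holds
  # the private key, so it gets the same restrictive mode as the key file.
  "$RM" -f "$COMBO_DIR/$1.pem"
  (
    umask 077
    "$OPENSSL_CMD" x509 -in "$CERTS_DIR/$1.cert.pem" -issuer -subject \
      > "$COMBO_DIR/$1.pem"
    "$CAT" "$KEYS_DIR/$1.key.pem" >> "$COMBO_DIR/$1.pem"
  )

  # Remove the cert request file (no longer needed)
  "$RM" "$CERTS_DIR/$1.req.pem"
}

"$MKDIR" -p "$CERTS_DIR"
"$MKDIR" -p "$KEYS_DIR"
"$MKDIR" -p "$COMBO_DIR"

echo "Generating self-signed CA certificate (RSA)"
echo "==========================================="

new_request "$TEST_CA_FILE" "$TEST_CA_DN"

# The CA signs its own request (-signkey) and takes the v3_ca extensions
# from the distribution's openssl.cnf.
"$OPENSSL_CMD" x509 -req -days "$DAYS" \
  -in "$CERTS_DIR/$TEST_CA_FILE.req.pem" \
  -extfile "$OPENSSL_DIR/apps/openssl.cnf" \
  -extensions v3_ca \
  -signkey "$KEYS_DIR/$TEST_CA_FILE.key.pem" \
  -out "$CERTS_DIR/$TEST_CA_FILE.cert.pem"

finish_cert "$TEST_CA_FILE"

echo "GENERATING A TEST SERVER CERTIFICATE (RSA)"
echo "=========================================="

new_request "$TEST_SERVER_FILE" "$TEST_SERVER_DN"
sign_with_ca "$TEST_SERVER_FILE"
finish_cert "$TEST_SERVER_FILE"

echo "GENERATING A TEST CLIENT CERTIFICATE (RSA)"
echo "=========================================="

new_request "$TEST_CLIENT_FILE" "$TEST_CLIENT_DN"
sign_with_ca "$TEST_CLIENT_FILE"
finish_cert "$TEST_CLIENT_FILE"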