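#!/bin/sh
#
# Create a server and/or a user certificate signed by the test-suite CA.
#
# Usage: $0 [-s] [-u <user@domain.com>]
#   -s | -server   write private/localhost.key and certs/localhost.crt
#   -u | -user     write private/<email>.key and certs/<email>.crt
#
# Every path is relative to the current directory. The script reads
# conf/openssl.cnf, ca/private/testsuiteCA.key and ca/certs/testsuiteCA.crt,
# and uses ./openssl.cnf and ./cruft as scratch space.
#
# Security-relevant properties of the output:
#   - private keys are written unencrypted (-nodes);
#   - certificates are issued for 183000 days;
#   - the CA private key is read from a fixed path in the working tree.
# The subject OU and the CA file names suggest these are test fixtures
# only; nothing in this script makes them suitable for any other use.

openssl=$(command -v openssl)

if [ -z "$openssl" ]; then
  echo "OpenSSL command line binary not found, skipping..."
  # Stop here: without the binary every later step would execute an
  # empty command name and fail with its output discarded.
  exit 0
fi

KEY_BITS=4096
KEY_TYPE=rsa:$KEY_BITS

USAGE="$0 [-s] [-u <user@domain.com>]"
SERVER=0
# NOTE(review): USER is also the conventional login-name environment
# variable; if it is exported, these assignments are visible to child
# processes. The name is kept unchanged for compatibility.
USER=0
EMAIL=

while [ $# -gt 0 ]; do
  case "$1" in
  -s | -server)
    SERVER=1
    shift
    ;;
  -u | -user)
    if [ -z "${2:-}" ]; then
      echo "User cert requires an email address as an argument"
      # A missing argument is a usage error, so report failure.
      exit 1
    fi
    USER=1
    EMAIL="$2"
    shift
    shift
    ;;
  -)
    shift
    ;;
  -*)
    echo "$USAGE"
    exit 1
    ;;
  *)
    break
    ;;
  esac
done

if [ "$SERVER" = 0 ] && [ "$USER" = 0 ]; then
  echo "$USAGE"
  exit 1
fi

# EMAIL becomes a file name under certs/ and private/ and an RDN value in
# the -subj string, where '/' is the separator. A '/' would therefore both
# redirect the output files to another directory and split the subject.
case "$EMAIL" in
*/*)
  echo "Email address must not contain '/': $EMAIL" >&2
  exit 1
  ;;
esac

# Remove the scratch config and CA database; runs on every exit path.
cleanup() {
  rm -rf ./openssl.cnf cruft
}

# Run openssl quietly; the caller checks the exit status.
run_openssl() {
  "$openssl" "$@" >/dev/null 2>&1
}

# Report a failed step on stderr and stop with a non-zero status.
fail() {
  echo "$0: $1" >&2
  exit 1
}

cleanup
trap cleanup EXIT

mkdir -p private certs cruft/private cruft/certs ||
  fail "cannot create output directories"

echo "00" > cruft/serial
touch cruft/index.txt
touch cruft/index.txt.attr
hn=$(hostname -f)
# The host name is pasted into a sed replacement; this presumes it holds
# no ';' or '&' characters.
sed -e "s;@HOSTNAME@;$hn;" -e "s;@KEY_BITS@;$KEY_BITS;" conf/openssl.cnf \
  > ./openssl.cnf || fail "cannot generate ./openssl.cnf from conf/openssl.cnf"

if [ "$SERVER" = 1 ]; then
  rm -rf private/localhost.key certs/localhost.crt

  run_openssl req -new -nodes -out localhost.csr \
    -keyout private/localhost.key \
    -newkey "$KEY_TYPE" -config ./openssl.cnf \
    -subj "/CN=localhost/OU=OpenLDAP Test Suite/O=OpenLDAP Foundation/ST=CA/C=US" \
    -batch || fail "server key/CSR generation failed"

  run_openssl ca -out certs/localhost.crt -notext -config ./openssl.cnf \
    -days 183000 -in localhost.csr \
    -keyfile ca/private/testsuiteCA.key -extensions v3_req \
    -cert ca/certs/testsuiteCA.crt \
    -batch || fail "signing the server certificate failed"

  # Only the CSR is removed here. ./openssl.cnf and cruft must survive
  # until the end so that "-s -u <email>" can still issue the user cert.
  rm -f ./localhost.csr
fi

if [ "$USER" = 1 ]; then
  rm -f "certs/$EMAIL.crt" "private/$EMAIL.key" "./$EMAIL.csr"

  run_openssl req -new -nodes -out "./$EMAIL.csr" \
    -keyout "private/$EMAIL.key" \
    -newkey "$KEY_TYPE" -config ./openssl.cnf \
    -subj "/emailAddress=$EMAIL/CN=$EMAIL/OU=OpenLDAP/O=OpenLDAP Foundation/ST=CA/C=US" \
    -batch || fail "user key/CSR generation failed"

  run_openssl ca -out "certs/$EMAIL.crt" -notext -config ./openssl.cnf \
    -days 183000 -in "./$EMAIL.csr" \
    -keyfile ca/private/testsuiteCA.key \
    -extensions req_distinguished_name \
    -cert ca/certs/testsuiteCA.crt \
    -batch || fail "signing the user certificate failed"

  rm -f "./$EMAIL.csr"
fi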