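#!/bin/sh
#
# Build a throw-away RSA test PKI: a self-signed test CA plus one server and
# one client certificate issued by that CA.
#
# For each identity the script
#   1. generates a new RSA key and a certificate request,
#   2. signs the request (self-signed for the CA, CA-signed otherwise),
#   3. prints the certificate, writes a combined file holding the
#      issuer/subject lines, the certificate and the private key, and
#      deletes the certificate request.
#
# NOTE(security): every key is 1024-bit RSA and is written unencrypted
# (-nodes), and the CA private key stays on disk next to the certificates.
# 1024-bit RSA is below current minimum key-size recommendations, so the
# output is suitable as test fixtures only and must never be trusted outside
# a test environment. Peers configured with a stricter minimum key size may
# reject these certificates.

# Stop at the first failing command (and on any unset variable) so that a
# failed key-generation or signing step never goes on to build a combo file
# from missing or stale input.
set -eu

# The key and combo files hold unencrypted private keys; make everything this
# script creates readable by the invoking user only.
umask 077

# Path to the openssl distribution
OPENSSL_DIR=../..
# Path to the openssl program
OPENSSL_CMD=$OPENSSL_DIR/apps/openssl
# Configuration file (used for "req -config" and for the v3_ca extensions)
OPENSSL_CNF_FILE=$OPENSSL_DIR/apps/openssl.cnf
# Directory where certificates are stored
CERTS_DIR=./Certs
# Directory where private key files are stored
KEYS_DIR=$CERTS_DIR
# Directory where combo files (containing a certificate and corresponding
# private key together) are stored
COMBO_DIR=$CERTS_DIR
# cat command
CAT=/bin/cat
# rm command
RM=/bin/rm
# mkdir command
MKDIR=/bin/mkdir
# The certificate will expire these many days after the issue date.
DAYS=1500

TEST_CA_FILE=rsa1024TestCA
TEST_CA_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test CA (1024 bit RSA)"

TEST_SERVER_FILE=rsa1024TestServer
TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (1024 bit RSA)"

TEST_CLIENT_FILE=rsa1024TestClient
TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (1024 bit RSA)"

# Create a new unencrypted 1024-bit RSA key and a certificate request for it.
#   $1 - file name stem (for example rsa1024TestServer)
#   $2 - subject distinguished name
new_request() {
  "$OPENSSL_CMD" req -config "$OPENSSL_CNF_FILE" -nodes -subj "$2" \
    -keyout "$KEYS_DIR/$1.key.pem" \
    -newkey rsa:1024 -new \
    -out "$CERTS_DIR/$1.req.pem"
}

# Sign the request of identity $1 with the test CA's certificate and key.
#   $1 - file name stem of the identity to certify
sign_with_test_ca() {
  # -CAcreateserial lets openssl create the CA serial number file when it
  # does not exist yet.
  "$OPENSSL_CMD" x509 -req -days "$DAYS" \
    -in "$CERTS_DIR/$1.req.pem" \
    -CA "$CERTS_DIR/$TEST_CA_FILE.cert.pem" \
    -CAkey "$KEYS_DIR/$TEST_CA_FILE.key.pem" \
    -out "$CERTS_DIR/$1.cert.pem" -CAcreateserial
}

# Print the certificate of identity $1, build its combo file and remove the
# certificate request.
#   $1 - file name stem of the identity
publish_cert() {
  # Display the certificate
  "$OPENSSL_CMD" x509 -in "$CERTS_DIR/$1.cert.pem" -text

  # Place the certificate and key in a common file
  "$OPENSSL_CMD" x509 -in "$CERTS_DIR/$1.cert.pem" -issuer -subject \
    > "$COMBO_DIR/$1.pem"
  "$CAT" "$KEYS_DIR/$1.key.pem" >> "$COMBO_DIR/$1.pem"

  # Remove the cert request file (no longer needed)
  "$RM" "$CERTS_DIR/$1.req.pem"
}

"$MKDIR" -p "$CERTS_DIR"
"$MKDIR" -p "$KEYS_DIR"
"$MKDIR" -p "$COMBO_DIR"

echo "Generating self-signed CA certificate (RSA)"
echo "==========================================="

new_request "$TEST_CA_FILE" "$TEST_CA_DN"

# The CA signs its own request and takes its extensions from the v3_ca
# section of the configuration file.
"$OPENSSL_CMD" x509 -req -days "$DAYS" \
  -in "$CERTS_DIR/$TEST_CA_FILE.req.pem" \
  -extfile "$OPENSSL_CNF_FILE" \
  -extensions v3_ca \
  -signkey "$KEYS_DIR/$TEST_CA_FILE.key.pem" \
  -out "$CERTS_DIR/$TEST_CA_FILE.cert.pem"

publish_cert "$TEST_CA_FILE"

echo "GENERATING A TEST SERVER CERTIFICATE (RSA)"
echo "=========================================="

new_request "$TEST_SERVER_FILE" "$TEST_SERVER_DN"
sign_with_test_ca "$TEST_SERVER_FILE"
publish_cert "$TEST_SERVER_FILE"

echo "GENERATING A TEST CLIENT CERTIFICATE (RSA)"
echo "=========================================="

new_request "$TEST_CLIENT_FILE" "$TEST_CLIENT_DN"
sign_with_test_ca "$TEST_CLIENT_FILE"
publish_cert "$TEST_CLIENT_FILE"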