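#!/bin/sh
#
# Generates a test server and a test client certificate. Each certificate
# carries a freshly generated EC key and is signed by an existing RSA test CA.
#
# For a list of supported curves, use "apps/openssl ecparam -list_curves".
#
# SECURITY NOTE: everything this script produces is a test fixture.
#   - Private keys are written unencrypted (-nodes), and the combo files
#     contain a copy of the private key next to the certificate. File
#     permissions follow the caller's umask, so run the script under a
#     restrictive umask if CERTS_DIR lives on a shared filesystem.
#   - sect163r1 is a 163-bit binary-field curve and the CA file name suggests
#     a 1024-bit RSA key; both are far below current strength recommendations.
# Never reuse these keys or parameters outside of testing.

# Stop at the first failing step or unset variable. Without this, a failed
# request or signing step would still leave a combo file that holds a private
# key but no valid certificate.
set -eu

# Path to the openssl distribution
OPENSSL_DIR=../..
# Path to the openssl program
OPENSSL_CMD=$OPENSSL_DIR/apps/openssl
# Option to find configuration file
OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf"
# Directory where certificates are stored
CERTS_DIR=./Certs
# Directory where private key files are stored
KEYS_DIR=$CERTS_DIR
# Directory where combo files (containing a certificate and corresponding
# private key together) are stored
COMBO_DIR=$CERTS_DIR
# cat command
CAT=/bin/cat
# rm command
RM=/bin/rm
# mkdir command
MKDIR=/bin/mkdir
# The certificate will expire these many days after the issue date.
DAYS=1500
TEST_CA_FILE=rsa1024TestCA

TEST_SERVER_CURVE=sect163r1
TEST_SERVER_FILE=sect163r1-rsaTestServer
TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (sect163r1 key signed with RSA)"

TEST_CLIENT_CURVE=sect163r1
TEST_CLIENT_FILE=sect163r1-rsaTestClient
TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (sect163r1 key signed with RSA)"

#######################################
# Generate an EC key and a certificate for it signed by the RSA test CA.
#
# Generating an EC certificate involves the following main steps
# 1. Generating curve parameters (if needed)
# 2. Generating a certificate request
# 3. Signing the certificate request
# 4. [Optional] One can combine the cert and private key into a single
#    file and also delete the certificate request
#
# Globals:   OPENSSL_CMD, OPENSSL_CNF, CERTS_DIR, KEYS_DIR, COMBO_DIR,
#            TEST_CA_FILE, DAYS, CAT, RM (all read)
# Arguments: $1 - named curve for the new key
#            $2 - file name stem for the key, request, cert and combo files
#            $3 - subject DN for the certificate request
# Outputs:   the text form of the new certificate on stdout
#######################################
generate_ecc_rsa_cert() {
  # POSIX sh has no "local"; the gc_ prefix keeps these out of the way.
  gc_curve=$1
  gc_stem=$2
  gc_dn=$3
  gc_key=$KEYS_DIR/$gc_stem.key.pem
  gc_req=$CERTS_DIR/$gc_stem.req.pem
  gc_cert=$CERTS_DIR/$gc_stem.cert.pem
  gc_combo=$COMBO_DIR/$gc_stem.pem

  # Curve parameters are written to the current directory and kept.
  "$OPENSSL_CMD" ecparam -name "$gc_curve" -out "$gc_curve.pem"

  # OPENSSL_CNF holds an option plus its argument, so it must be word-split.
  # shellcheck disable=SC2086
  "$OPENSSL_CMD" req $OPENSSL_CNF -nodes -subj "$gc_dn" \
    -keyout "$gc_key" \
    -newkey "ec:$gc_curve.pem" -new \
    -out "$gc_req"

  "$OPENSSL_CMD" x509 -req -days "$DAYS" \
    -in "$gc_req" \
    -CA "$CERTS_DIR/$TEST_CA_FILE.cert.pem" \
    -CAkey "$KEYS_DIR/$TEST_CA_FILE.key.pem" \
    -out "$gc_cert" -CAcreateserial

  # Display the certificate
  "$OPENSSL_CMD" x509 -in "$gc_cert" -text

  # Place the certificate and key in a common file. The result contains the
  # unencrypted private key and needs the same protection as the key file.
  "$OPENSSL_CMD" x509 -in "$gc_cert" -issuer -subject > "$gc_combo"
  "$CAT" "$gc_key" >> "$gc_combo"

  # Remove the cert request file (no longer needed)
  "$RM" "$gc_req"
}

"$MKDIR" -p "$CERTS_DIR"
"$MKDIR" -p "$KEYS_DIR"
"$MKDIR" -p "$COMBO_DIR"

# The signing step needs the test CA certificate and key to exist already;
# report a missing file clearly before any new key material is generated.
for ca_file in "$CERTS_DIR/$TEST_CA_FILE.cert.pem" \
               "$KEYS_DIR/$TEST_CA_FILE.key.pem"; do
  if [ ! -r "$ca_file" ]; then
    echo "error: required test CA file is missing or unreadable: $ca_file" >&2
    exit 1
  fi
done

echo "GENERATING A TEST SERVER CERTIFICATE (ECC key signed with RSA)"
echo "=============================================================="
generate_ecc_rsa_cert "$TEST_SERVER_CURVE" "$TEST_SERVER_FILE" "$TEST_SERVER_DN"

echo "GENERATING A TEST CLIENT CERTIFICATE (ECC key signed with RSA)"
echo "=============================================================="
generate_ecc_rsa_cert "$TEST_CLIENT_CURVE" "$TEST_CLIENT_FILE" "$TEST_CLIENT_DN"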