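#!/bin/sh
#
# Self-signed CA / user certificate smoke test for the in-tree openssl binary.
#
# Steps: generate a CA request, self-sign it, round-trip the certificate back
# into a request, verify both requests and the CA certificate, then issue and
# verify a user certificate signed by that CA.
#
# Everything produced here is a throwaway test fixture. The digest, the DSA
# parameter file and the RNG seeding below are chosen so the test runs
# anywhere, not for strength; keys and certificates written by this script
# must not be reused outside the test tree.

# SHA-1 is no longer acceptable for certificate signatures in production.
digest='-sha1'
reqcmd="../util/shlib_wrap.sh ../apps/openssl req"
x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest"
verifycmd="../util/shlib_wrap.sh ../apps/openssl verify"
dummycnf="../apps/openssl.cnf"

CAkey="keyCA.ss"
CAcert="certCA.ss"
CAreq="reqCA.ss"
CAconf="CAss.cnf"
CAreq2="req2CA.ss" # temp

Uconf="Uss.cnf"
Ukey="keyU.ss"
Ureq="reqU.ss"
Ucert="certU.ss"

# Print a failure message on stdout (where the other messages go) and abort
# the test with status 1. err.ss is deliberately left behind for inspection.
fail() {
  echo "$1"
  exit 1
}

# $reqcmd, $x509cmd, $verifycmd and $req_new hold a command plus arguments and
# are expanded unquoted on purpose so that they word-split.
# shellcheck disable=SC2086

echo
echo "make a certificate request using 'req'"

# A constant string is not entropy: this only satisfies the RNG seed check so
# that key generation proceeds. Keys generated after this are predictable to
# the extent the RNG depends on ./.rnd and are for test use only.
echo "string to make the random number generator think it has entropy" >> ./.rnd

if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
  # Build without RSA: fall back to the bundled DSA parameters. Going by the
  # file name these are 512-bit, which is far below any current minimum.
  req_new='-newkey dsa:../apps/dsa512.pem'
else
  req_new='-new'
fi

# NOTE(review): whether the private keys written by -keyout are passphrase
# protected depends on CAss.cnf / Uss.cnf, which are not visible here.
$reqcmd -config "$CAconf" -out "$CAreq" -keyout "$CAkey" $req_new \
  || fail "error using 'req' to generate a certificate request" #>err.ss

echo
echo "convert the certificate request into a self signed certificate using 'x509'"
$x509cmd -CAcreateserial -in "$CAreq" -days 30 -req -out "$CAcert" -signkey "$CAkey" >err.ss \
  || fail "error using 'x509' to self sign a certificate request"

echo
echo "convert a certificate into a certificate request using 'x509'"
$x509cmd -in "$CAcert" -x509toreq -signkey "$CAkey" -out "$CAreq2" >err.ss \
  || fail "error using 'x509' convert a certificate to a certificate request"

$reqcmd -config "$dummycnf" -verify -in "$CAreq" -noout \
  || fail "first generated request is invalid"

$reqcmd -config "$dummycnf" -verify -in "$CAreq2" -noout \
  || fail "second generated request is invalid"

$verifycmd -CAfile "$CAcert" "$CAcert" \
  || fail "first generated cert is invalid"

echo
echo "make another certificate request using 'req'"
$reqcmd -config "$Uconf" -out "$Ureq" -keyout "$Ukey" $req_new >err.ss \
  || fail "error using 'req' to generate a certificate request"

echo
echo "sign certificate request with the just created CA via 'x509'"
$x509cmd -CAcreateserial -in "$Ureq" -days 30 -req -out "$Ucert" -CA "$CAcert" -CAkey "$CAkey" >err.ss \
  || fail "error using 'x509' to sign a certificate request"

# Check the status here as well: a user certificate that does not chain to the
# CA must fail the test rather than fall through to "exit 0".
# NOTE(review): this relies on 'verify' returning non-zero when the chain does
# not validate; confirm for the openssl build under test.
$verifycmd -CAfile "$CAcert" "$Ucert" \
  || fail "generated user cert is invalid"

echo
echo "Certificate details"
$x509cmd -subject -issuer -startdate -enddate -noout -in "$Ucert"

echo
echo "The generated CA certificate is $CAcert"
echo "The generated CA private key is $CAkey"

echo "The generated user certificate is $Ucert"
echo "The generated user private key is $Ukey"

/bin/rm err.ss
exit 0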