1#
2# Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
3# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4#
5# This code is free software; you can redistribute it and/or modify it
6# under the terms of the GNU General Public License version 2 only, as
7# published by the Free Software Foundation.
8#
9# This code is distributed in the hope that it will be useful, but WITHOUT
10# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12# version 2 for more details (a copy is included in the LICENSE file that
13# accompanied this code).
14#
15# You should have received a copy of the GNU General Public License version
16# 2 along with this work; if not, write to the Free Software Foundation,
17# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18#
19# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20# or visit www.oracle.com if you need additional information or have any
21# questions.
22#
#!/bin/ksh
#
# needs ksh to run the script.
#
# NOTE: this interpreter line follows the license header instead of being the
# first line of the file, so it acts only as a comment; invoke the script
# explicitly with ksh.

# OpenSSL command-line binary used by every generation step; resolved via PATH.
OPENSSL="openssl"
# Generate a self-signed root certificate (skipped when root/root_cert.pem
# already exists).
#
# Test-fixture material only: the key is 1024-bit RSA, which is below current
# minimum key-size recommendations, and the key passphrase is the literal
# string "passphrase" given on the command line, where it is visible in the
# process list and in shell traces. Nothing generated here should be trusted
# outside a test environment.
if [ ! -f root/root_cert.pem ]; then
    [ -d root ] || mkdir root

    # -x509 makes "req" write a self-signed certificate instead of a request.
    # NOTE(review): the cert_issuer section is selected with -reqexts; some
    # OpenSSL releases take certificate extensions for -x509 from -extensions
    # instead, so confirm the resulting root actually carries them.
    ${OPENSSL} req -x509 -newkey rsa:1024 \
        -config openssl.cnf -reqexts cert_issuer \
        -subj "/C=US/O=Example" -days 7650 \
        -keyout root/root_key.pem -out root/root_cert.pem \
        -passin pass:passphrase -passout pass:passphrase
fi
# Generate the subordinate CA ("subca"): a key pair and certificate request,
# then a certificate for that request issued by the root. Skipped when
# subca/subca_cert.pem already exists.
#
# Same test-only caveats as the rest of this script: 1024-bit RSA and a fixed,
# command-line passphrase.
if [ ! -f subca/subca_cert.pem ]; then
    [ -d subca ] || mkdir subca

    # Step 1: key + request. "req" applies -days only together with -x509, so
    # the 7650 here does not set any validity; the signing step below does.
    ${OPENSSL} req -newkey rsa:1024 \
        -subj "/C=US/O=Example/OU=Class-1" -days 7650 \
        -keyout subca/subca_key.pem -out subca/subca_req.pem \
        -passin pass:passphrase -passout pass:passphrase

    # Step 2: the root signs the request. -passin unlocks the root key, and
    # -CAcreateserial creates root/root_cert.srl if it is missing.
    # NOTE(review): no digest option (for example -sha256) is passed, so the
    # signature algorithm is whatever the installed OpenSSL defaults to;
    # confirm that is what the tests expect.
    ${OPENSSL} x509 -req -in subca/subca_req.pem \
        -CA root/root_cert.pem -CAkey root/root_key.pem \
        -CAcreateserial -CAserial root/root_cert.srl \
        -extfile openssl.cnf -extensions cert_issuer \
        -out subca/subca_cert.pem -days 7200 -passin pass:passphrase
fi
# Generate the certificate for Alice, issued by the subca. Skipped when
# subca/alice/alice_cert.pem already exists.
#
# Test-only material: 1024-bit RSA key protected by a fixed passphrase that is
# passed on the command line.
if [ ! -f subca/alice/alice_cert.pem ]; then
    [ -d subca/alice ] || mkdir -p subca/alice

    # Key + request. -days is not used by "req" without -x509; the validity is
    # set when the subca signs the request below.
    ${OPENSSL} req -newkey rsa:1024 \
        -subj "/C=US/O=Example/OU=Class-1/CN=Alice" -days 7650 \
        -keyout subca/alice/alice_key.pem \
        -out subca/alice/alice_req.pem \
        -passin pass:passphrase -passout pass:passphrase

    # Signing by the subca, with extensions taken from the alice_of_subca
    # section of openssl.cnf. The serial file subca/subca_cert.srl is shared
    # by every certificate the subca issues in this script.
    ${OPENSSL} x509 -req -in subca/alice/alice_req.pem \
        -CA subca/subca_cert.pem -CAkey subca/subca_key.pem \
        -CAcreateserial -CAserial subca/subca_cert.srl \
        -extfile openssl.cnf -extensions alice_of_subca \
        -out subca/alice/alice_cert.pem -days 7200 -passin pass:passphrase
fi
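# Generate the certificate for Bob, issued by the subca. Skipped when
# subca/bob/bob_cert.pem already exists.
#
# The guard tests bob_cert.pem, the file this section actually writes. It used
# to test subca/bob/bob.pem, which this script never creates, so Bob's key,
# request and certificate were regenerated (and the subca serial advanced) on
# every run, unlike the other sections.
#
# Test-only material: 1024-bit RSA key protected by a fixed passphrase that is
# passed on the command line.
if [ ! -f subca/bob/bob_cert.pem ]; then
    if [ ! -d subca/bob ]; then
        mkdir -p subca/bob
    fi

    # Key + request. -days is not used by "req" without -x509; the validity is
    # set when the subca signs the request below.
    ${OPENSSL} req -newkey rsa:1024 -keyout subca/bob/bob_key.pem \
        -out subca/bob/bob_req.pem \
        -subj "/C=US/O=Example/OU=Class-1/CN=Bob" -days 7650 \
        -passin pass:passphrase -passout pass:passphrase

    # Signing by the subca, with extensions taken from the ee_of_subca section
    # of openssl.cnf. -passin unlocks the subca key.
    ${OPENSSL} x509 -req -in subca/bob/bob_req.pem \
        -extfile openssl.cnf -extensions ee_of_subca \
        -CA subca/subca_cert.pem -CAkey subca/subca_key.pem \
        -out subca/bob/bob_cert.pem -CAcreateserial \
        -CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase
fi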
# Generate the certificate for Susan, issued by the subca. Skipped when
# subca/susan/susan_cert.pem already exists.
#
# Test-only material: 1024-bit RSA key protected by a fixed passphrase that is
# passed on the command line.
if [ ! -f subca/susan/susan_cert.pem ]; then
    [ -d subca/susan ] || mkdir -p subca/susan

    # Key + request. -days is not used by "req" without -x509; the validity is
    # set when the subca signs the request below.
    ${OPENSSL} req -newkey rsa:1024 \
        -subj "/C=US/O=Example/OU=Class-1/CN=Susan" -days 7650 \
        -keyout subca/susan/susan_key.pem \
        -out subca/susan/susan_req.pem \
        -passin pass:passphrase -passout pass:passphrase

    # Signing by the subca, with extensions taken from the susan_of_subca
    # section of openssl.cnf. -passin unlocks the subca key.
    ${OPENSSL} x509 -req -in subca/susan/susan_req.pem \
        -CA subca/subca_cert.pem -CAkey subca/subca_key.pem \
        -CAcreateserial -CAserial subca/subca_cert.srl \
        -extfile openssl.cnf -extensions susan_of_subca \
        -out subca/susan/susan_cert.pem -days 7200 -passin pass:passphrase
fi