aboutsummaryrefslogtreecommitdiff
path: root/openssl/util/mkcerts.sh
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/util/mkcerts.sh')
-rw-r--r--openssl/util/mkcerts.sh220
1 files changed, 220 insertions, 0 deletions
diff --git a/openssl/util/mkcerts.sh b/openssl/util/mkcerts.sh
new file mode 100644
index 000000000..0184fcb70
--- /dev/null
+++ b/openssl/util/mkcerts.sh
@@ -0,0 +1,220 @@
+#!/bin/sh
+
+# This script will re-make all the required certs.
+# cd apps
+# sh ../util/mkcerts.sh
+# mv ca-cert.pem pca-cert.pem ../certs
+# cd ..
+# cat certs/*.pem >>apps/server.pem
+# cat certs/*.pem >>apps/server2.pem
+# SSLEAY=`pwd`/apps/ssleay; export SSLEAY
+# sh tools/c_rehash certs
+#
+
+CAbits=1024
+SSLEAY="../apps/openssl"
+CONF="-config ../apps/openssl.cnf"
+
+# create pca request.
+echo creating $CAbits bit PCA cert request
+$SSLEAY req $CONF \
+ -new -md5 -newkey $CAbits \
+ -keyout pca-key.pem \
+ -out pca-req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Test PCA (1024 bit)
+
+
+
+EOF
+
+if [ $? != 0 ]; then
+ echo problems generating PCA request
+ exit 1
+fi
+
+#sign it.
+echo
+echo self signing PCA
+$SSLEAY x509 -md5 -days 1461 \
+ -req -signkey pca-key.pem \
+ -CAcreateserial -CAserial pca-cert.srl \
+ -in pca-req.pem -out pca-cert.pem
+
+if [ $? != 0 ]; then
+ echo problems self signing PCA cert
+ exit 1
+fi
+echo
+
+# create ca request.
+echo creating $CAbits bit CA cert request
+$SSLEAY req $CONF \
+ -new -md5 -newkey $CAbits \
+ -keyout ca-key.pem \
+ -out ca-req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Test CA (1024 bit)
+
+
+
+EOF
+
+if [ $? != 0 ]; then
+ echo problems generating CA request
+ exit 1
+fi
+
+#sign it.
+echo
+echo signing CA
+$SSLEAY x509 -md5 -days 1461 \
+ -req \
+ -CAcreateserial -CAserial pca-cert.srl \
+ -CA pca-cert.pem -CAkey pca-key.pem \
+ -in ca-req.pem -out ca-cert.pem
+
+if [ $? != 0 ]; then
+ echo problems signing CA cert
+ exit 1
+fi
+echo
+
+# create server request.
+echo creating 512 bit server cert request
+$SSLEAY req $CONF \
+ -new -md5 -newkey 512 \
+ -keyout s512-key.pem \
+ -out s512-req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Server test cert (512 bit)
+
+
+
+EOF
+
+if [ $? != 0 ]; then
+ echo problems generating 512 bit server cert request
+ exit 1
+fi
+
+#sign it.
+echo
+echo signing 512 bit server cert
+$SSLEAY x509 -md5 -days 365 \
+ -req \
+ -CAcreateserial -CAserial ca-cert.srl \
+ -CA ca-cert.pem -CAkey ca-key.pem \
+ -in s512-req.pem -out server.pem
+
+if [ $? != 0 ]; then
+ echo problems signing 512 bit server cert
+ exit 1
+fi
+echo
+
+# create 1024 bit server request.
+echo creating 1024 bit server cert request
+$SSLEAY req $CONF \
+ -new -md5 -newkey 1024 \
+ -keyout s1024key.pem \
+ -out s1024req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Server test cert (1024 bit)
+
+
+
+EOF
+
+if [ $? != 0 ]; then
+ echo problems generating 1024 bit server cert request
+ exit 1
+fi
+
+#sign it.
+echo
+echo signing 1024 bit server cert
+$SSLEAY x509 -md5 -days 365 \
+ -req \
+ -CAcreateserial -CAserial ca-cert.srl \
+ -CA ca-cert.pem -CAkey ca-key.pem \
+ -in s1024req.pem -out server2.pem
+
+if [ $? != 0 ]; then
+ echo problems signing 1024 bit server cert
+ exit 1
+fi
+echo
+
+# create 512 bit client request.
+echo creating 512 bit client cert request
+$SSLEAY req $CONF \
+ -new -md5 -newkey 512 \
+ -keyout c512-key.pem \
+ -out c512-req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Client test cert (512 bit)
+
+
+
+EOF
+
+if [ $? != 0 ]; then
+ echo problems generating 512 bit client cert request
+ exit 1
+fi
+
+#sign it.
+echo
+echo signing 512 bit client cert
+$SSLEAY x509 -md5 -days 365 \
+ -req \
+ -CAcreateserial -CAserial ca-cert.srl \
+ -CA ca-cert.pem -CAkey ca-key.pem \
+ -in c512-req.pem -out client.pem
+
+if [ $? != 0 ]; then
+ echo problems signing 512 bit client cert
+ exit 1
+fi
+
+echo cleanup
+
+cat pca-key.pem >> pca-cert.pem
+cat ca-key.pem >> ca-cert.pem
+cat s512-key.pem >> server.pem
+cat s1024key.pem >> server2.pem
+cat c512-key.pem >> client.pem
+
+for i in pca-cert.pem ca-cert.pem server.pem server2.pem client.pem
+do
+$SSLEAY x509 -issuer -subject -in $i -noout >$$
+cat $$
+/bin/cat $i >>$$
+/bin/mv $$ $i
+done
+
+#/bin/rm -f *key.pem *req.pem *.srl
+
+echo Finished
+