#!/bin/sh # This script will re-make all the required certs. # cd apps # sh ../util/mkcerts.sh # mv ca-cert.pem pca-cert.pem ../certs # cd .. # cat certs/*.pem >>apps/server.pem # cat certs/*.pem >>apps/server2.pem # SSLEAY=`pwd`/apps/ssleay; export SSLEAY # sh tools/c_rehash certs # CAbits=1024 SSLEAY="../apps/openssl" CONF="-config ../apps/openssl.cnf" # create pca request. echo creating $CAbits bit PCA cert request $SSLEAY req $CONF \ -new -md5 -newkey $CAbits \ -keyout pca-key.pem \ -out pca-req.pem -nodes >/dev/null <<EOF AU Queensland . CryptSoft Pty Ltd . Test PCA (1024 bit) EOF if [ $? != 0 ]; then echo problems generating PCA request exit 1 fi #sign it. echo echo self signing PCA $SSLEAY x509 -md5 -days 1461 \ -req -signkey pca-key.pem \ -CAcreateserial -CAserial pca-cert.srl \ -in pca-req.pem -out pca-cert.pem if [ $? != 0 ]; then echo problems self signing PCA cert exit 1 fi echo # create ca request. echo creating $CAbits bit CA cert request $SSLEAY req $CONF \ -new -md5 -newkey $CAbits \ -keyout ca-key.pem \ -out ca-req.pem -nodes >/dev/null <<EOF AU Queensland . CryptSoft Pty Ltd . Test CA (1024 bit) EOF if [ $? != 0 ]; then echo problems generating CA request exit 1 fi #sign it. echo echo signing CA $SSLEAY x509 -md5 -days 1461 \ -req \ -CAcreateserial -CAserial pca-cert.srl \ -CA pca-cert.pem -CAkey pca-key.pem \ -in ca-req.pem -out ca-cert.pem if [ $? != 0 ]; then echo problems signing CA cert exit 1 fi echo # create server request. echo creating 512 bit server cert request $SSLEAY req $CONF \ -new -md5 -newkey 512 \ -keyout s512-key.pem \ -out s512-req.pem -nodes >/dev/null <<EOF AU Queensland . CryptSoft Pty Ltd . Server test cert (512 bit) EOF if [ $? != 0 ]; then echo problems generating 512 bit server cert request exit 1 fi #sign it. echo echo signing 512 bit server cert $SSLEAY x509 -md5 -days 365 \ -req \ -CAcreateserial -CAserial ca-cert.srl \ -CA ca-cert.pem -CAkey ca-key.pem \ -in s512-req.pem -out server.pem if [ $? != 0 ]; then echo problems signing 512 bit server cert exit 1 fi echo # create 1024 bit server request. echo creating 1024 bit server cert request $SSLEAY req $CONF \ -new -md5 -newkey 1024 \ -keyout s1024key.pem \ -out s1024req.pem -nodes >/dev/null <<EOF AU Queensland . CryptSoft Pty Ltd . Server test cert (1024 bit) EOF if [ $? != 0 ]; then echo problems generating 1024 bit server cert request exit 1 fi #sign it. echo echo signing 1024 bit server cert $SSLEAY x509 -md5 -days 365 \ -req \ -CAcreateserial -CAserial ca-cert.srl \ -CA ca-cert.pem -CAkey ca-key.pem \ -in s1024req.pem -out server2.pem if [ $? != 0 ]; then echo problems signing 1024 bit server cert exit 1 fi echo # create 512 bit client request. echo creating 512 bit client cert request $SSLEAY req $CONF \ -new -md5 -newkey 512 \ -keyout c512-key.pem \ -out c512-req.pem -nodes >/dev/null <<EOF AU Queensland . CryptSoft Pty Ltd . Client test cert (512 bit) EOF if [ $? != 0 ]; then echo problems generating 512 bit client cert request exit 1 fi #sign it. echo echo signing 512 bit client cert $SSLEAY x509 -md5 -days 365 \ -req \ -CAcreateserial -CAserial ca-cert.srl \ -CA ca-cert.pem -CAkey ca-key.pem \ -in c512-req.pem -out client.pem if [ $? != 0 ]; then echo problems signing 512 bit client cert exit 1 fi echo cleanup cat pca-key.pem >> pca-cert.pem cat ca-key.pem >> ca-cert.pem cat s512-key.pem >> server.pem cat s1024key.pem >> server2.pem cat c512-key.pem >> client.pem for i in pca-cert.pem ca-cert.pem server.pem server2.pem client.pem do $SSLEAY x509 -issuer -subject -in $i -noout >$$ cat $$ /bin/cat $i >>$$ /bin/mv $$ $i done #/bin/rm -f *key.pem *req.pem *.srl echo Finished