123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118 |
- $! TESTSS.COM
- $
- $ __arch := VAX
- $ if f$getsyi("cpu") .ge. 128 then __arch := AXP
- $ exe_dir := sys$disk:[-.'__arch'.exe.apps]
- $
- $ digest="-md5"
- $ reqcmd := mcr 'exe_dir'openssl req
- $ x509cmd := mcr 'exe_dir'openssl x509 'digest'
- $ verifycmd := mcr 'exe_dir'openssl verify
- $ dummycnf := sys$disk:[-.apps]openssl-vms.cnf
- $
- $ CAkey="""keyCA.ss"""
- $ CAcert="""certCA.ss"""
- $ CAreq="""reqCA.ss"""
- $ CAconf="""CAss.cnf"""
- $ CAreq2="""req2CA.ss""" ! temp
- $
- $ Uconf="""Uss.cnf"""
- $ Ukey="""keyU.ss"""
- $ Ureq="""reqU.ss"""
- $ Ucert="""certU.ss"""
- $
- $ write sys$output ""
- $ write sys$output "make a certificate request using 'req'"
- $
- $ set noon
- $ define/user sys$output nla0:
- $ mcr 'exe_dir'openssl no-rsa
- $ save_severity=$SEVERITY
- $ set on
- $ if save_severity
- $ then
- $ req_new="-newkey dsa:[-.apps]dsa512.pem"
- $ else
- $ req_new="-new"
- $ endif
- $
- $ 'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' 'req_new' ! -out err.ss
- $ if $severity .ne. 1
- $ then
- $ write sys$output "error using 'req' to generate a certificate request"
- $ exit 3
- $ endif
- $ write sys$output ""
- $ write sys$output "convert the certificate request into a self signed certificate using 'x509'"
- $ define /user sys$output err.ss
- $ 'x509cmd' "-CAcreateserial" -in 'CAreq' -days 30 -req -out 'CAcert' -signkey 'CAkey'
- $ if $severity .ne. 1
- $ then
- $ write sys$output "error using 'x509' to self sign a certificate request"
- $ exit 3
- $ endif
- $
- $ write sys$output ""
- $ write sys$output "convert a certificate into a certificate request using 'x509'"
- $ define /user sys$output err.ss
- $ 'x509cmd' -in 'CAcert' -x509toreq -signkey 'CAkey' -out 'CAreq2'
- $ if $severity .ne. 1
- $ then
- $ write sys$output "error using 'x509' convert a certificate to a certificate request"
- $ exit 3
- $ endif
- $
- $ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq' -noout
- $ if $severity .ne. 1
- $ then
- $ write sys$output "first generated request is invalid"
- $ exit 3
- $ endif
- $
- $ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq2' -noout
- $ if $severity .ne. 1
- $ then
- $ write sys$output "second generated request is invalid"
- $ exit 3
- $ endif
- $
- $ 'verifycmd' "-CAfile" 'CAcert' 'CAcert'
- $ if $severity .ne. 1
- $ then
- $ write sys$output "first generated cert is invalid"
- $ exit 3
- $ endif
- $
- $ write sys$output ""
- $ write sys$output "make another certificate request using 'req'"
- $ define /user sys$output err.ss
- $ 'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' 'req_new'
- $ if $severity .ne. 1
- $ then
- $ write sys$output "error using 'req' to generate a certificate request"
- $ exit 3
- $ endif
- $
- $ write sys$output ""
- $ write sys$output "sign certificate request with the just created CA via 'x509'"
- $ define /user sys$output err.ss
- $ 'x509cmd' "-CAcreateserial" -in 'Ureq' -days 30 -req -out 'Ucert' "-CA" 'CAcert' "-CAkey" 'CAkey'
- $ if $severity .ne. 1
- $ then
- $ write sys$output "error using 'x509' to sign a certificate request"
- $ exit 3
- $ endif
- $
- $ 'verifycmd' "-CAfile" 'CAcert' 'Ucert'
- $ write sys$output ""
- $ write sys$output "Certificate details"
- $ 'x509cmd' -subject -issuer -startdate -enddate -noout -in 'Ucert'
- $
- $ write sys$output ""
- $ write sys$output "The generated CA certificate is ",CAcert
- $ write sys$output "The generated CA private key is ",CAkey
- $
- $ write sys$output "The generated user certificate is ",Ucert
- $ write sys$output "The generated user private key is ",Ukey
- $
- $ if f$search("err.ss;*") .nes. "" then delete err.ss;*
|