mkcerts.sh 3.7 KB

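  #!/bin/sh
  # Re-make all the required test certificates: a self-signed PCA, a CA signed
  # by the PCA, and two server certificates plus one client certificate signed
  # by the CA.
  #
  # Usage (from the original header):
  #   cd apps
  #   sh ../util/mkcerts.sh
  #   mv ca-cert.pem pca-cert.pem ../certs
  #   cd ..
  #   cat certs/*.pem >>apps/server.pem
  #   cat certs/*.pem >>apps/server2.pem
  #   SSLEAY=`pwd`/apps/ssleay; export SSLEAY
  #   sh tools/c_rehash certs
  #
  # Security notes for anyone reusing this script:
  #   * The keys are 512 and 1024 bit RSA, far below the sizes accepted for
  #     production use, and the certificates are valid for 36525 days.
  #     Treat everything generated here as a test fixture only.
  #   * -nodes writes every private key unencrypted, and the cleanup step
  #     appends each key to its certificate file, so the resulting *.pem
  #     bundles contain private key material.
  #   * Because of that, the script runs with umask 077 so that the files it
  #     creates are readable by the owner only. Relax the permissions
  #     afterwards if the consumer of the certificates runs as another user.

  umask 077

  CAbits=1024
  SSLEAY="../apps/openssl"
  # CONF holds two words (option and value) and is expanded unquoted on purpose.
  CONF="-config ../apps/openssl.cnf"

  # Scratch file used by the cleanup loop; removed on any exit path.
  tmp=
  trap 'if [ -n "$tmp" ]; then rm -f "$tmp"; fi' EXIT

  # Print a message and abort the run with status 1.
  die() {
    echo "$1"
    exit 1
  }

  # Create an RSA key and a certificate request.
  #   $1 key size in bits      $2 private key output file
  #   $3 request output file   $4 common name
  #   $5 message printed if the request cannot be generated
  # The answers to the interactive prompts are fed on stdin; "." leaves a
  # field empty. The prompt order comes from the file named in CONF, which is
  # not visible here - presumably country, state, locality, organisation,
  # organisational unit, common name.
  make_request() {
    # shellcheck disable=SC2086 -- CONF is split into option and value
    printf '%s\n' AU Queensland . 'CryptSoft Pty Ltd' . "$4" |
      "$SSLEAY" req $CONF \
        -new -sha256 -newkey "$1" \
        -keyout "$2" \
        -out "$3" -nodes >/dev/null || die "$5"
  }

  # Sign a request with a CA certificate and key.
  #   $1 serial number file   $2 CA certificate   $3 CA private key
  #   $4 request input file   $5 certificate output file
  #   $6 message printed if signing fails
  ca_sign() {
    "$SSLEAY" x509 -sha256 -days 36525 \
      -req \
      -CAcreateserial -CAserial "$1" \
      -CA "$2" -CAkey "$3" \
      -in "$4" -out "$5" || die "$6"
  }

  # create pca request.
  echo "creating $CAbits bit PCA cert request"
  make_request "$CAbits" pca-key.pem pca-req.pem 'Test PCA (1024 bit)' \
    'problems generating PCA request'

  # sign it (the PCA is the root, so it is signed with its own key).
  echo
  echo self signing PCA
  "$SSLEAY" x509 -sha256 -days 36525 \
    -req -signkey pca-key.pem \
    -CAcreateserial -CAserial pca-cert.srl \
    -in pca-req.pem -out pca-cert.pem || die 'problems self signing PCA cert'
  echo

  # create ca request.
  echo "creating $CAbits bit CA cert request"
  make_request "$CAbits" ca-key.pem ca-req.pem 'Test CA (1024 bit)' \
    'problems generating CA request'

  # sign it with the PCA.
  echo
  echo signing CA
  ca_sign pca-cert.srl pca-cert.pem pca-key.pem ca-req.pem ca-cert.pem \
    'problems signing CA cert'
  echo

  # create server request.
  echo creating 512 bit server cert request
  make_request 512 s512-key.pem s512-req.pem 'Server test cert (512 bit)' \
    'problems generating 512 bit server cert request'

  # sign it with the CA.
  echo
  echo signing 512 bit server cert
  ca_sign ca-cert.srl ca-cert.pem ca-key.pem s512-req.pem server.pem \
    'problems signing 512 bit server cert'
  echo

  # create 1024 bit server request.
  echo creating 1024 bit server cert request
  make_request 1024 s1024key.pem s1024req.pem 'Server test cert (1024 bit)' \
    'problems generating 1024 bit server cert request'

  # sign it with the CA.
  echo
  echo signing 1024 bit server cert
  ca_sign ca-cert.srl ca-cert.pem ca-key.pem s1024req.pem server2.pem \
    'problems signing 1024 bit server cert'
  echo

  # create 512 bit client request.
  echo creating 512 bit client cert request
  make_request 512 c512-key.pem c512-req.pem 'Client test cert (512 bit)' \
    'problems generating 512 bit client cert request'

  # sign it with the CA.
  echo
  echo signing 512 bit client cert
  ca_sign ca-cert.srl ca-cert.pem ca-key.pem c512-req.pem client.pem \
    'problems signing 512 bit client cert'

  echo cleanup
  # Append each private key to its certificate so one file carries both.
  cat pca-key.pem >> pca-cert.pem
  cat ca-key.pem >> ca-cert.pem
  cat s512-key.pem >> server.pem
  cat s1024key.pem >> server2.pem
  cat c512-key.pem >> client.pem

  # Prepend the issuer and subject lines to every bundle. The scratch file is
  # created with mktemp in the current directory: the name is unpredictable,
  # and the final mv stays on one filesystem.
  for i in pca-cert.pem ca-cert.pem server.pem server2.pem client.pem
  do
    tmp=$(mktemp ./mkcerts.XXXXXX) || die 'problems creating temporary file'
    "$SSLEAY" x509 -issuer -subject -in "$i" -noout >"$tmp" ||
      die "problems reading $i"
    cat "$tmp"
    /bin/cat "$i" >>"$tmp"
    /bin/mv "$tmp" "$i"
    tmp=
  done

  # Left disabled as in the original, so the separate key, request and serial
  # files stay in the working directory after the run.
  #/bin/rm -f *key.pem *req.pem *.srl
  echo Finished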