RSAcertgen.sh 4.3 KB

  1. #!/bin/sh
  2. # For a list of supported curves, use "apps/openssl ecparam -list_curves".
  3. # Path to the openssl distribution
  4. OPENSSL_DIR=../..
  5. # Path to the openssl program
  6. OPENSSL_CMD=$OPENSSL_DIR/apps/openssl
  7. # Option to find configuration file
  8. OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf"
  9. # Directory where certificates are stored
  10. CERTS_DIR=./Certs
  11. # Directory where private key files are stored
  12. KEYS_DIR=$CERTS_DIR
  13. # Directory where combo files (containing a certificate and corresponding
  14. # private key together) are stored
  15. COMBO_DIR=$CERTS_DIR
  16. # cat command
  17. CAT=/bin/cat
  18. # rm command
  19. RM=/bin/rm
  20. # mkdir command
  21. MKDIR=/bin/mkdir
  22. # The certificate will expire these many days after the issue date.
  23. DAYS=1500
  24. TEST_CA_FILE=rsa1024TestCA
  25. TEST_CA_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test CA (1024 bit RSA)"
  26. TEST_SERVER_FILE=rsa1024TestServer
  27. TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (1024 bit RSA)"
  28. TEST_CLIENT_FILE=rsa1024TestClient
  29. TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (1024 bit RSA)"
  30. # Generating an EC certificate involves the following main steps
  31. # 1. Generating curve parameters (if needed)
  32. # 2. Generating a certificate request
  33. # 3. Signing the certificate request
  34. # 4. [Optional] One can combine the cert and private key into a single
  35. # file and also delete the certificate request
  36. $MKDIR -p $CERTS_DIR
  37. $MKDIR -p $KEYS_DIR
  38. $MKDIR -p $COMBO_DIR
  39. echo "Generating self-signed CA certificate (RSA)"
  40. echo "==========================================="
  41. $OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CA_DN" \
  42. -keyout $KEYS_DIR/$TEST_CA_FILE.key.pem \
  43. -newkey rsa:1024 -new \
  44. -out $CERTS_DIR/$TEST_CA_FILE.req.pem
  45. $OPENSSL_CMD x509 -req -days $DAYS \
  46. -in $CERTS_DIR/$TEST_CA_FILE.req.pem \
  47. -extfile $OPENSSL_DIR/apps/openssl.cnf \
  48. -extensions v3_ca \
  49. -signkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
  50. -out $CERTS_DIR/$TEST_CA_FILE.cert.pem
  51. # Display the certificate
  52. $OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -text
  53. # Place the certificate and key in a common file
  54. $OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -issuer -subject \
  55. > $COMBO_DIR/$TEST_CA_FILE.pem
  56. $CAT $KEYS_DIR/$TEST_CA_FILE.key.pem >> $COMBO_DIR/$TEST_CA_FILE.pem
  57. # Remove the cert request file (no longer needed)
  58. $RM $CERTS_DIR/$TEST_CA_FILE.req.pem
  59. echo "GENERATING A TEST SERVER CERTIFICATE (RSA)"
  60. echo "=========================================="
  61. $OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \
  62. -keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \
  63. -newkey rsa:1024 -new \
  64. -out $CERTS_DIR/$TEST_SERVER_FILE.req.pem
  65. $OPENSSL_CMD x509 -req -days $DAYS \
  66. -in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \
  67. -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
  68. -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
  69. -out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial
  70. # Display the certificate
  71. $OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text
  72. # Place the certificate and key in a common file
  73. $OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \
  74. > $COMBO_DIR/$TEST_SERVER_FILE.pem
  75. $CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem
  76. # Remove the cert request file (no longer needed)
  77. $RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem
  78. echo "GENERATING A TEST CLIENT CERTIFICATE (RSA)"
  79. echo "=========================================="
  80. $OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \
  81. -keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \
  82. -newkey rsa:1024 -new \
  83. -out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
  84. $OPENSSL_CMD x509 -req -days $DAYS \
  85. -in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \
  86. -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
  87. -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
  88. -out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial
  89. # Display the certificate
  90. $OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text
  91. # Place the certificate and key in a common file
  92. $OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \
  93. > $COMBO_DIR/$TEST_CLIENT_FILE.pem
  94. $CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem
  95. # Remove the cert request file (no longer needed)
  96. $RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem