2
0

mkacerts.sh 1.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445
  1. #!/bin/sh
  2. # Recreate the demo certificates in the apps directory.
  3. OPENSSL=openssl
  4. # Root CA: create certificate directly
  5. CN="OpenSSL Test Root CA" $OPENSSL req -config apps.cnf -x509 -nodes \
  6. -keyout root.pem -out root.pem -key rootkey.pem -new -days 3650
  7. # Intermediate CA: request first
  8. CN="OpenSSL Test Intermediate CA" $OPENSSL req -config apps.cnf -nodes \
  9. -key intkey.pem -out intreq.pem -new
  10. # Sign request: CA extensions
  11. $OPENSSL x509 -req -in intreq.pem -CA root.pem -CAkey rootkey.pem -days 3630 \
  12. -extfile apps.cnf -extensions v3_ca -CAcreateserial -out intca.pem
  13. # Client certificate: request first
  14. CN="Test Client Cert" $OPENSSL req -config apps.cnf -nodes \
  15. -key ckey.pem -out creq.pem -new
  16. # Sign using intermediate CA
  17. $OPENSSL x509 -req -in creq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \
  18. -extfile apps.cnf -extensions usr_cert -CAcreateserial | \
  19. $OPENSSL x509 -nameopt oneline -subject -issuer >client.pem
  20. # Server certificate: request first
  21. CN="Test Server Cert" $OPENSSL req -config apps.cnf -nodes \
  22. -key skey.pem -out sreq.pem -new
  23. # Sign using intermediate CA
  24. $OPENSSL x509 -req -in sreq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \
  25. -extfile apps.cnf -extensions usr_cert -CAcreateserial | \
  26. $OPENSSL x509 -nameopt oneline -subject -issuer >server.pem
  27. # Server certificate #2: request first
  28. CN="Test Server Cert #2" $OPENSSL req -config apps.cnf -nodes \
  29. -key skey2.pem -out sreq2.pem -new
  30. # Sign using intermediate CA
  31. $OPENSSL x509 -req -in sreq2.pem -CA intca.pem -CAkey intkey.pem -days 3600 \
  32. -extfile apps.cnf -extensions usr_cert -CAcreateserial | \
  33. $OPENSSL x509 -nameopt oneline -subject -issuer >server2.pem
  34. # Append keys to file.
  35. cat skey.pem >>server.pem
  36. cat skey2.pem >>server2.pem
  37. cat ckey.pem >>client.pem
  38. $OPENSSL verify -CAfile root.pem -untrusted intca.pem \
  39. server2.pem server.pem client.pem