renewcerts.sh 2.1 KB

  1. #!/bin/sh
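  # Regenerate the self-signed root CA certificate of this test hierarchy.
  # The existing root-ca-key.pem is reused (no new key is generated), so only
  # the certificate is replaced. Run from the directory that holds
  # root-ca-key.pem and openssl.cnf.
  #
  # Every step is checked: without the checks a failed openssl call would
  # leave an empty tmp.pem that then overwrites root-ca-cert.pem, and the
  # rest of the script would go on to reissue certificates under a broken root.
  #
  # NOTE(review): the serial number is fixed at 99 and reused on every run,
  # which is fine for test fixtures only. The signature digest is not set
  # here, so it comes from openssl.cnf or the OpenSSL default; confirm.

  # Step 1: certificate signing request for the root subject.
  openssl req \
    -new \
    -key root-ca-key.pem \
    -out root-ca-cert.csr \
    -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com" \
    || exit 1

  # Step 2: self-sign the request with the same key, using the v3_ca
  # extensions section of openssl.cnf, valid for 1000 days.
  if ! openssl x509 \
    -req -in root-ca-cert.csr \
    -extfile openssl.cnf \
    -extensions v3_ca \
    -days 1000 \
    -signkey root-ca-key.pem \
    -set_serial 99 \
    -out root-ca-cert.pem
  then
    rm -f root-ca-cert.csr
    exit 1
  fi
  rm root-ca-cert.csr || exit 1

  # Step 3: rewrite the file so the human-readable dump precedes the PEM block.
  # The dump goes to a scratch file first; it replaces the certificate only
  # when openssl succeeded.
  if ! openssl x509 -in root-ca-cert.pem -text > tmp.pem; then
    rm -f tmp.pem
    exit 1
  fi
  mv tmp.pem root-ca-cert.pem || exit 1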
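  # Reissue one certificate of the test hierarchy from its existing key.
  #
  # Arguments:
  #   $1 - file prefix of the subject: reads $1-key.pem, writes $1-cert.pem
  #   $2 - subject common name (CN)
  #   $3 - file prefix of the issuing CA: reads $3-cert.pem and $3-key.pem
  #   $4 - extensions section of openssl.cnf to apply
  #   $5 - serial number for the new certificate
  # Output file: $1-cert.pem holds the text dump and PEM of the new
  #   certificate, followed by the contents of $3-cert.pem, so it can be used
  #   as a chain file.
  # Returns: 0 on success, 1 if any step fails, 2 on a wrong argument count.
  #
  # Defined with POSIX syntax: the script runs under #!/bin/sh, where the
  # "function" keyword is not guaranteed to exist.
  #
  # NOTE(review): $3-cert.pem may itself carry an appended issuer chain
  # (this function appends one); "-CA" presumably uses the first certificate
  # in that file. Confirm against the OpenSSL version in use.
  update_cert() {
    if [ "$#" -ne 5 ]; then
      echo "usage: update_cert <cert> <name> <ca> <extensions> <serial>" >&2
      return 2
    fi

    # Signing request for the subject; the private key is reused, not rotated.
    openssl req \
      -new \
      -key "$1-key.pem" \
      -out "$1-cert.csr" \
      -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=$2/emailAddress=info@wolfssl.com" \
      || return 1

    # Sign the request with the issuing CA, valid for 1000 days.
    if ! openssl x509 \
      -req -in "$1-cert.csr" \
      -extfile openssl.cnf \
      -extensions "$4" \
      -days 1000 \
      -CA "$3-cert.pem" \
      -CAkey "$3-key.pem" \
      -set_serial "$5" \
      -out "$1-cert.pem"
    then
      rm -f -- "$1-cert.csr"
      return 1
    fi
    rm -- "$1-cert.csr" || return 1

    # Put the human-readable dump in front of the PEM block. The dump is
    # written to a scratch file so a failed openssl call cannot truncate the
    # freshly issued certificate.
    if ! openssl x509 -in "$1-cert.pem" -text > "$1_tmp.pem"; then
      rm -f -- "$1_tmp.pem"
      return 1
    fi
    mv -- "$1_tmp.pem" "$1-cert.pem" || return 1

    # Append the issuer's certificate file to form the chain.
    cat -- "$3-cert.pem" >> "$1-cert.pem" || return 1
  }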
  # Reissue the rest of the hierarchy. Order matters: each issuer's
  # certificate file must be regenerated before the certificates it signs,
  # because update_cert reads the issuer's -cert.pem file and appends it.
  #
  # NOTE(review): the "REVOKED" markers are labels only; nothing in these
  # calls revokes a certificate. Revocation is presumably recorded elsewhere
  # in the test data, keyed on issuer and serial number, so the serial
  # numbers below should stay as they are. Confirm before changing them.
  root_ca="root-ca"
  int_ca1="intermediate1-ca"
  int_ca2="intermediate2-ca"
  int_ca3="intermediate3-ca"

  # Intermediate CAs and the OCSP responder, all issued by the root.
  update_cert "$int_ca1" "wolfSSL intermediate CA 1" "$root_ca" v3_ca 01
  update_cert "$int_ca2" "wolfSSL intermediate CA 2" "$root_ca" v3_ca 02
  update_cert "$int_ca3" "wolfSSL REVOKED intermediate CA" "$root_ca" v3_ca 03 # REVOKED
  update_cert ocsp-responder "wolfSSL OCSP Responder" "$root_ca" v3_ocsp 04

  # Server certificates issued by intermediate CA 1.
  update_cert server1 "www1.wolfssl.com" "$int_ca1" v3_req1 05
  update_cert server2 "www2.wolfssl.com" "$int_ca1" v3_req1 06 # REVOKED

  # Server certificates issued by intermediate CA 2.
  update_cert server3 "www3.wolfssl.com" "$int_ca2" v3_req2 07
  update_cert server4 "www4.wolfssl.com" "$int_ca2" v3_req2 08 # REVOKED

  # Server certificate issued by the revoked intermediate CA 3.
  update_cert server5 "www5.wolfssl.com" "$int_ca3" v3_req3 09