gen-ext-certs.sh 1.6 KB

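#!/bin/sh
#
# Generates DER-encoded, self-signed test certificates that exercise specific
# X.509 extensions. Each certificate is described by an OpenSSL config file
# written under certs/test/ and signed with certs/server-key.der.
# All paths are relative to the current working directory.

#######################################
# Create one self-signed certificate with `openssl req -x509`.
# Globals:   OUT    (read)    - path of the DER certificate to write
#            CONFIG (read)    - path of the OpenSSL request config
#            TMP    (written) - per-call scratch file holding openssl output
# Outputs:   "Created: $OUT" on success; on failure the captured openssl
#            output followed by "Failed: $OUT"
# Returns:   0 when openssl succeeded and $OUT exists, 1 otherwise
#######################################
gen_cert() {
  # A fixed name such as /tmp/<script-name> is predictable: in a shared /tmp
  # another local user can pre-create that path (file or symlink) so that the
  # redirection below writes somewhere unintended. mktemp creates a uniquely
  # named file atomically with owner-only permissions.
  # mktemp is not in POSIX but is available on Linux, macOS and the BSDs.
  TMP=$(mktemp "${TMPDIR:-/tmp}/${0##*/}.XXXXXX") || {
    echo "Failed: $OUT (could not create temporary file)" >&2
    return 1
  }

  # Expansions are quoted so paths containing spaces or glob characters are
  # passed to openssl and to the -f test as a single word.
  if openssl req -x509 -keyform DER -key certs/server-key.der \
      -days 1000 -new -outform DER -out "$OUT" -config "$CONFIG" \
      >"$TMP" 2>&1 && [ -f "$OUT" ]; then
    echo "Created: $OUT"
    gen_cert_status=0
  else
    # Show the captured openssl diagnostics only when something went wrong.
    cat "$TMP"
    echo "Failed: $OUT"
    gen_cert_status=1
  fi

  rm -f -- "$TMP"
  return "$gen_cert_status"
}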
  15. OUT=certs/test/cert-ext-nc.der
  16. KEYFILE=certs/test/cert-ext-nc-key.der
  17. CONFIG=certs/test/cert-ext-nc.cfg
  18. tee >$CONFIG <<EOF
  19. [ req ]
  20. distinguished_name = req_distinguished_name
  21. prompt = no
  22. x509_extensions = v3_ca
  23. [ req_distinguished_name ]
  24. C = AU
  25. ST = Queensland
  26. L = Brisbane
  27. O = wolfSSL Inc
  28. OU = Engineering
  29. CN = www.wolfssl.com
  30. emailAddress = support@wolfsssl.com
  31. [ v3_ca ]
  32. subjectKeyIdentifier = hash
  33. authorityKeyIdentifier = keyid:always,issuer
  34. basicConstraints = critical, CA:true, pathlen:0
  35. keyUsage = critical, digitalSignature, cRLSign, keyCertSign
  36. nameConstraints = critical,permitted;email:.wolfssl.com
  37. nsComment = "Testing name constraints"
  38. EOF
  39. gen_cert
  40. OUT=certs/test/cert-ext-ia.der
  41. KEYFILE=certs/test/cert-ext-ia-key.der
  42. CONFIG=certs/test/cert-ext-ia.cfg
  43. tee >$CONFIG <<EOF
  44. [ req ]
  45. distinguished_name = req_distinguished_name
  46. prompt = no
  47. x509_extensions = v3_ca
  48. [ req_distinguished_name ]
  49. C = AU
  50. ST = Queensland
  51. L = Brisbane
  52. O = wolfSSL Inc
  53. OU = Engineering
  54. CN = www.wolfssl.com
  55. emailAddress = support@wolfsssl.com
  56. [ v3_ca ]
  57. inhibitAnyPolicy = critical,1
  58. nsComment = "Testing inhibit any"
  59. EOF
  60. gen_cert