1
0

renew-rsapss-certs.sh 9.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191
  1. #!/bin/bash
  2. check_result(){
  3. if [ $1 -ne 0 ]; then
  4. echo "Failed at \"$2\", Abort"
  5. exit 1
  6. else
  7. echo "Step Succeeded!"
  8. fi
  9. }
  10. ############################################################
  11. ####### update the self-signed root-rsapss.pem #############
  12. ############################################################
  13. echo "Updating root-rsapss.pem"
  14. echo ""
  15. #pipe the following arguments to openssl req...
  16. echo -e "US\\nMontana\\nBozeman\\nwolfSSL_RSA-PSS\\nRoot-RSA-PSS\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n.\\n.\\n" | \
  17. openssl req -new -key root-rsapss-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out root-rsapss.csr
  18. check_result $? "Generate request"
  19. openssl x509 -req -in root-rsapss.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert -signkey root-rsapss-priv.pem -out root-rsapss.pem
  20. check_result $? "Generate certificate"
  21. rm root-rsapss.csr
  22. openssl x509 -in root-rsapss.pem -outform DER > root-rsapss.der
  23. check_result $? "Convert to DER"
  24. openssl x509 -in root-rsapss.pem -text > tmp.pem
  25. check_result $? "Add text"
  26. mv tmp.pem root-rsapss.pem
  27. echo "End of section"
  28. echo "---------------------------------------------------------------------"
  29. ############################################################
  30. ####### update ca-rsapss.pem signed by root ################
  31. ############################################################
  32. echo "Updating ca-rsapss.pem"
  33. echo ""
  34. #pipe the following arguments to openssl req...
  35. echo -e "US\\nMontana\\nBozeman\\nwolfSSL_RSAPSS\\nCA-RSAPSS\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key ca-rsapss-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out ca-rsapss.csr
  36. check_result $? "Generate request"
  37. openssl x509 -req -in ca-rsapss.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert -CA root-rsapss.pem -CAkey root-rsapss-priv.pem -set_serial 01 -out ca-rsapss.pem
  38. check_result $? "Generate certificate"
  39. rm ca-rsapss.csr
  40. openssl x509 -in ca-rsapss.pem -outform DER > ca-rsapss.der
  41. check_result $? "Convert to DER"
  42. openssl x509 -in ca-rsapss.pem -text > tmp.pem
  43. check_result $? "Add text"
  44. mv tmp.pem ca-rsapss.pem
  45. echo "End of section"
  46. echo "---------------------------------------------------------------------"
  47. ############################################################
  48. ####### update server-rsapss.pem signed by ca ##############
  49. ############################################################
  50. echo "Updating server-rsapss.pem"
  51. echo ""
  52. #pipe the following arguments to openssl req...
  53. echo -e "US\\nMontana\\nBozeman\\nwolfSSL_RSAPSS\\nServer-RSAPSS\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key server-rsapss-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out server-rsapss.csr
  54. check_result $? "Generate request"
  55. openssl x509 -req -in server-rsapss.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions server_ecc -CA ca-rsapss.pem -CAkey ca-rsapss-priv.pem -set_serial 01 -out server-rsapss-cert.pem
  56. check_result $? "Generate certificate"
  57. rm server-rsapss.csr
  58. openssl x509 -in server-rsapss-cert.pem -outform DER > server-rsapss.der
  59. check_result $? "Convert to DER"
  60. openssl x509 -in server-rsapss-cert.pem -text > tmp.pem
  61. check_result $? "Add text"
  62. mv tmp.pem server-rsapss-cert.pem
  63. cat server-rsapss-cert.pem ca-rsapss.pem > server-rsapss.pem
  64. check_result $? "Add CA into server cert"
  65. echo "End of section"
  66. echo "---------------------------------------------------------------------"
  67. ############################################################
  68. ####### update the self-signed client-rsapss.pem ###########
  69. ############################################################
  70. echo "Updating client-rsapss.pem"
  71. echo ""
  72. #pipe the following arguments to openssl req...
  73. echo -e "US\\nMontana\\nBozeman\\nwolfSSL_RSAPSS\\nClient-RSAPSS\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key client-rsapss-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out client-rsapss.csr
  74. check_result $? "Generate request"
  75. openssl x509 -req -in client-rsapss.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions wolfssl_opts -signkey client-rsapss-priv.pem -out client-rsapss.pem
  76. check_result $? "Generate certificate"
  77. rm client-rsapss.csr
  78. openssl x509 -in client-rsapss.pem -outform DER > client-rsapss.der
  79. check_result $? "Convert to DER"
  80. openssl x509 -in client-rsapss.pem -text > tmp.pem
  81. check_result $? "Add text"
  82. mv tmp.pem client-rsapss.pem
  83. echo "End of section"
  84. echo "---------------------------------------------------------------------"
  85. ################################################################################
  86. # 3072-bit keys. RSA-PSS with SHA-384
  87. ################################################################################
  88. ############################################################
  89. ###### update the self-signed root-3072-rsapss.pem #########
  90. ############################################################
  91. echo "Updating root-3072-rsapss.pem"
  92. echo ""
  93. #pipe the following arguments to openssl req...
  94. echo -e "US\\nMontana\\nBozeman\\nwolfSSL_RSA-PSS\\nRoot-RSA-PSS\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n.\\n.\\n" | \
  95. openssl req -new -key root-3072-rsapss-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out root-3072-rsapss.csr
  96. check_result $? "Generate request"
  97. openssl x509 -req -in root-3072-rsapss.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert -signkey root-3072-rsapss-priv.pem -sha384 -out root-3072-rsapss.pem
  98. check_result $? "Generate certificate"
  99. rm root-3072-rsapss.csr
  100. openssl x509 -in root-3072-rsapss.pem -outform DER > root-3072-rsapss.der
  101. check_result $? "Convert to DER"
  102. openssl x509 -in root-3072-rsapss.pem -text > tmp.pem
  103. check_result $? "Add text"
  104. mv tmp.pem root-3072-rsapss.pem
  105. echo "End of section"
  106. echo "---------------------------------------------------------------------"
  107. ############################################################
  108. ###### update ca-3072-rsapss.pem signed by root ############
  109. ############################################################
  110. echo "Updating ca-3072-rsapss.pem"
  111. echo ""
  112. #pipe the following arguments to openssl req...
  113. echo -e "US\\nMontana\\nBozeman\\nwolfSSL_RSAPSS\\nCA-RSAPSS\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key ca-3072-rsapss-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out ca-3072-rsapss.csr
  114. check_result $? "Generate request"
  115. openssl x509 -req -in ca-3072-rsapss.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert -CA root-3072-rsapss.pem -CAkey root-3072-rsapss-priv.pem -sha384 -set_serial 01 -out ca-3072-rsapss.pem
  116. check_result $? "Generate certificate"
  117. rm ca-3072-rsapss.csr
  118. openssl x509 -in ca-3072-rsapss.pem -outform DER > ca-3072-rsapss.der
  119. check_result $? "Convert to DER"
  120. openssl x509 -in ca-3072-rsapss.pem -text > tmp.pem
  121. check_result $? "Add text"
  122. mv tmp.pem ca-3072-rsapss.pem
  123. echo "End of section"
  124. echo "---------------------------------------------------------------------"
  125. ############################################################
  126. ###### update server-3072-rsapss.pem signed by ca ##########
  127. ############################################################
  128. echo "Updating server-3072-rsapss.pem"
  129. echo ""
  130. #pipe the following arguments to openssl req...
  131. echo -e "US\\nMontana\\nBozeman\\nwolfSSL_RSAPSS\\nServer-RSAPSS\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key server-3072-rsapss-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out server-3072-rsapss.csr
  132. check_result $? "Generate request"
  133. openssl x509 -req -in server-3072-rsapss.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions server_ecc -CA ca-3072-rsapss.pem -CAkey ca-3072-rsapss-priv.pem -sha384 -set_serial 01 -out server-3072-rsapss-cert.pem
  134. check_result $? "Generate certificate"
  135. rm server-3072-rsapss.csr
  136. openssl x509 -in server-3072-rsapss-cert.pem -outform DER > server-3072-rsapss.der
  137. check_result $? "Convert to DER"
  138. openssl x509 -in server-3072-rsapss-cert.pem -text > tmp.pem
  139. check_result $? "Add text"
  140. mv tmp.pem server-3072-rsapss-cert.pem
  141. cat server-3072-rsapss-cert.pem ca-3072-rsapss.pem > server-3072-rsapss.pem
  142. check_result $? "Add CA into server cert"
  143. echo "End of section"
  144. echo "---------------------------------------------------------------------"
  145. ############################################################
  146. ###### update the self-signed client-3072-rsapss.pem #######
  147. ############################################################
  148. echo "Updating client-3072-rsapss.pem"
  149. echo ""
  150. #pipe the following arguments to openssl req...
  151. echo -e "US\\nMontana\\nBozeman\\nwolfSSL_RSAPSS\\nClient-RSAPSS\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key client-3072-rsapss-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out client-3072-rsapss.csr
  152. check_result $? "Generate request"
  153. openssl x509 -req -in client-3072-rsapss.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions wolfssl_opts -signkey client-3072-rsapss-priv.pem -sha384 -out client-3072-rsapss.pem
  154. check_result $? "Generate certificate"
  155. rm client-3072-rsapss.csr
  156. openssl x509 -in client-3072-rsapss.pem -outform DER > client-3072-rsapss.der
  157. check_result $? "Convert to DER"
  158. openssl x509 -in client-3072-rsapss.pem -text > tmp.pem
  159. check_result $? "Add text"
  160. mv tmp.pem client-3072-rsapss.pem
  161. echo "End of section"
  162. echo "---------------------------------------------------------------------"