Home Explore Help
Sign In
RISCI_ATOM
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Files Issues 14 Wiki
Tree: ae54bae2fa
Branches Tags
wolfssl
/
certs
/
crl
/
gencrls.sh

gencrls.sh 4.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121 
  1. #!/bin/bash
    2. 

  2. 

  3. # gencrls, crl config already done, see taoCerts.txt for setup
    4. 

  4. 

  5. function setup_files() {
    6. 

  6.     #set up the file system for updating the crls
    7. 

  7.     echo "setting up the file system for generating the crls..."
    8. 

  8.     echo ""
    9. 

  9.     touch ./index.txt
    10. 

  10.     touch ./crlnumber
    11. 

  11.     echo "01" >> crlnumber
    12. 

  12.     touch ./blank.index.txt
    13. 

  13.     mkdir demoCA
    14. 

  14.     touch ./demoCA/index.txt
    15. 

  15. }
    16. 

  16. 

  17. function cleanup_files() {
    18. 

  18.     rm blank.index.txt
    19. 

  19.     rm index.*
    20. 

  20.     rm crlnumber*
    21. 

  21.     rm -r demoCA
    22. 

  22.     echo "Removed ../wolfssl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/"
    23. 

  23.     echo ""
    24. 

  24.     exit 0
    25. 

  25. }
    26. 

  26. trap cleanup_files EXIT
    27. 

  27. 

  28. #setup the files
    29. 

  29. setup_files
    30. 

  30. 

  31. # caCrl
    32. 

  32. # revoke server-revoked-cert.pem
    33. 

  33. openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl2.pem -keyfile ../client-key.pem -cert ../client-cert.pem
    34. 

  34. 

  35. openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
    36. 

  36. 

  37. openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
    38. 

  38. 

  39. # metadata
    40. 

  40. openssl crl -in crl.pem -text > tmp
    41. 

  41. mv tmp crl.pem
    42. 

  42. # install (only needed if working outside wolfssl)
    43. 

  43. #cp crl.pem ~/wolfssl/certs/crl/crl.pem
    44. 

  44. 

  45. # crl2 create
    46. 

  46. openssl crl -in crl.pem -text > tmp
    47. 

  47. openssl crl -in crl2.pem -text >> tmp
    48. 

  48. mv tmp crl2.pem
    49. 

  49. 

  50. # caCrl server revoked
    51. 

  51. openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
    52. 

  52. 

  53. # caCrl server revoked generation
    54. 

  54. openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.revoked -keyfile ../ca-key.pem -cert ../ca-cert.pem
    55. 

  55. 

  56. # metadata
    57. 

  57. openssl crl -in crl.revoked -text > tmp
    58. 

  58. mv tmp crl.revoked
    59. 

  59. # install (only needed if working outside wolfssl)
    60. 

  60. #cp crl.revoked ~/wolfssl/certs/crl/crl.revoked
    61. 

  61. 

  62. 

  63. # remove revoked so next time through the normal CA won't have server revoked
    64. 

  64. cp blank.index.txt demoCA/index.txt
    65. 

  65. 

  66. # caEccCrl
    67. 

  67. openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
    68. 

  68. 

  69. openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out caEccCrl.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
    70. 

  70. 

  71. # metadata
    72. 

  72. openssl crl -in caEccCrl.pem -text > tmp
    73. 

  73. mv tmp caEccCrl.pem
    74. 

  74. # install (only needed if working outside wolfssl)
    75. 

  75. #cp caEccCrl.pem ~/wolfssl/certs/crl/caEccCrl.pem
    76. 

  76. 

  77. # caEcc384Crl
    78. 

  78. openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
    79. 

  79. 

  80. openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
    81. 

  81. 

  82. # metadata
    83. 

  83. openssl crl -in caEcc384Crl.pem -text > tmp
    84. 

  84. mv tmp caEcc384Crl.pem
    85. 

  85. # install (only needed if working outside wolfssl)
    86. 

  86. #cp caEcc384Crl.pem ~/wolfssl/certs/crl/caEcc384Crl.pem
    87. 

  87. 

  88. # cliCrl
    89. 

  89. openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out cliCrl.pem -keyfile ../client-key.pem -cert ../client-cert.pem
    90. 

  90. 

  91. # metadata
    92. 

  92. openssl crl -in cliCrl.pem -text > tmp
    93. 

  93. mv tmp cliCrl.pem
    94. 

  94. # install (only needed if working outside wolfssl)
    95. 

  95. #cp cliCrl.pem ~/wolfssl/certs/crl/cliCrl.pem
    96. 

  96. 

  97. # eccCliCRL
    98. 

  98. openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out eccCliCRL.pem -keyfile ../ecc-client-key.pem -cert ../client-ecc-cert.pem
    99. 

  99. 

  100. # metadata
    101. 

  101. openssl crl -in eccCliCRL.pem -text > tmp
    102. 

  102. mv tmp eccCliCRL.pem
    103. 

  103. # install (only needed if working outside wolfssl)
    104. 

  104. #cp eccCliCRL.pem ~/wolfssl/certs/crl/eccCliCRL.pem
    105. 

  105. 

  106. # eccSrvCRL
    107. 

  107. openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out eccSrvCRL.pem -keyfile ../ecc-key.pem -cert ../server-ecc.pem
    108. 

  108. 

  109. # metadata
    110. 

  110. openssl crl -in eccSrvCRL.pem -text > tmp
    111. 

  111. mv tmp eccSrvCRL.pem
    112. 

  112. # install (only needed if working outside wolfssl)
    113. 

  113. #cp eccSrvCRL.pem ~/wolfssl/certs/crl/eccSrvCRL.pem
    114. 

  114. 

  115. # caEccCrl
    116. 

  116. openssl ca -config ../ecc/wolfssl.cnf -gencrl -crldays 1000 -out caEccCrl.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
    117. 

  117. 

  118. # ca-ecc384-cert
    119. 

  119. openssl ca -config ../ecc/wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
    120. 

  120. 

  121. exit 0
    122.