gencrls.sh 4.0 KB

  1. #!/bin/bash
  2. # gencrls, crl config already done, see taoCerts.txt for setup
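  #######################################
  # Create the scratch files used while generating the CRLs: index.txt,
  # crlnumber, blank.index.txt and demoCA/index.txt, all relative to the
  # current directory.
  # NOTE(review): presumably these are the database / crlnumber paths named in
  # wolfssl.cnf - confirm against the config, which is not visible here.
  # Safe to call again after an interrupted run: existing state is kept.
  # Globals:   none
  # Arguments: none
  # Outputs:   progress message on stdout
  # Returns:   0 on success, 1 if a scratch file could not be created
  #######################################
  function setup_files() {
    echo "setting up the file system for generating the crls..."
    echo ""
    touch ./index.txt ./crlnumber ./blank.index.txt || return 1
    # Seed the CRL number only when the file is empty. Appending on every call
    # would leave a second "01" line behind if an earlier run was interrupted
    # before its cleanup ran.
    if [ ! -s ./crlnumber ]; then
      echo "01" > ./crlnumber || return 1
    fi
    # -p: a demoCA directory left over from an interrupted run is not an error.
    mkdir -p demoCA || return 1
    touch ./demoCA/index.txt || return 1
  }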
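  #######################################
  # EXIT-trap handler: delete the scratch files created by setup_files
  # (blank.index.txt, index.*, crlnumber*, demoCA/) from the current directory.
  # Globals:   none
  # Arguments: none
  # Outputs:   summary line on stdout
  # Returns:   does not return; exits with the status the script was already
  #            exiting with, so a failed run is not reported as success
  #######################################
  function cleanup_files() {
    # Must be the first statement: $? still holds the pre-trap exit status here.
    local status=$?
    # -f: entries that are already gone (or an unmatched glob) are not errors,
    # so cleanup after a partial setup stays quiet.
    rm -f -- blank.index.txt index.* crlnumber*
    rm -rf -- demoCA
    # The message lists only what is actually removed above.
    echo "Removed blank.index.txt, index.*, crlnumber*, demoCA/"
    echo ""
    exit "$status"
  }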
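  # Remove the scratch CA state on every exit path.
  trap cleanup_files EXIT

  # Create index.txt, crlnumber, blank.index.txt and demoCA/ in the current directory.
  setup_files

  #######################################
  # Replace CRL file $1 with its `openssl crl -text` form.
  # The file is overwritten only when openssl succeeds, so a failed dump cannot
  # leave an empty file under the CRL's name.
  # Arguments: $1 - CRL file to rewrite in place
  # Outputs:   a diagnostic on stderr when the file is left unchanged
  #######################################
  function crl_add_text() {
    if openssl crl -in "$1" -text > tmp; then
      mv tmp "$1"
    else
      echo "gencrls: could not add text to $1, leaving it unchanged" >&2
      rm -f -- tmp
    fi
  }

  # NOTE(review): the exit status of the `openssl ca` calls below is not checked
  # and the script ends with `exit 0`, so a failed revoke or gencrl shows up only
  # in openssl's own output. Statement order matters: each -revoke changes the
  # state that the following -gencrl reads.
  # NOTE(review): -crldays 1000 sets the next-update time about 1000 days out;
  # presumably chosen so checked-in test CRLs stay valid - confirm these CRLs are
  # only used for testing.
  # NOTE(review): every -keyfile argument reads a private key from the parent
  # directory; presumably these are the repository's test keys - verify.

  # crl2.pem, first half: CRL issued with the client key/cert, generated before
  # any of the revocations below.
  openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl2.pem -keyfile ../client-key.pem -cert ../client-cert.pem

  # caCrl: revoke server-revoked-cert.pem, then issue crl.pem from the CA.
  openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
  openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
  # metadata
  crl_add_text crl.pem
  # install (only needed if working outside wolfssl)
  #cp crl.pem ~/wolfssl/certs/crl/crl.pem

  # crl2 create: crl.pem's text form followed by crl2.pem's, stored as crl2.pem.
  # Replaced only when both dumps succeed.
  if openssl crl -in crl.pem -text > tmp && openssl crl -in crl2.pem -text >> tmp; then
    mv tmp crl2.pem
  else
    echo "gencrls: could not build crl2.pem, leaving it unchanged" >&2
    rm -f -- tmp
  fi

  # caCrl server revoked
  openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
  # caCrl server revoked generation
  openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.revoked -keyfile ../ca-key.pem -cert ../ca-cert.pem
  # metadata
  crl_add_text crl.revoked
  # install (only needed if working outside wolfssl)
  #cp crl.revoked ~/wolfssl/certs/crl/crl.revoked

  # remove revoked so next time through the normal CA won't have server revoked
  cp blank.index.txt demoCA/index.txt

  # caEccCrl
  openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
  openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out caEccCrl.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
  # metadata
  crl_add_text caEccCrl.pem
  # install (only needed if working outside wolfssl)
  #cp caEccCrl.pem ~/wolfssl/certs/crl/caEccCrl.pem

  # caEcc384Crl
  openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
  openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
  # metadata
  crl_add_text caEcc384Crl.pem
  # install (only needed if working outside wolfssl)
  #cp caEcc384Crl.pem ~/wolfssl/certs/crl/caEcc384Crl.pem

  # cliCrl
  openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out cliCrl.pem -keyfile ../client-key.pem -cert ../client-cert.pem
  # metadata
  crl_add_text cliCrl.pem
  # install (only needed if working outside wolfssl)
  #cp cliCrl.pem ~/wolfssl/certs/crl/cliCrl.pem

  # eccCliCRL
  openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out eccCliCRL.pem -keyfile ../ecc-client-key.pem -cert ../client-ecc-cert.pem
  # metadata
  crl_add_text eccCliCRL.pem
  # install (only needed if working outside wolfssl)
  #cp eccCliCRL.pem ~/wolfssl/certs/crl/eccCliCRL.pem

  # eccSrvCRL
  openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out eccSrvCRL.pem -keyfile ../ecc-key.pem -cert ../server-ecc.pem
  # metadata
  crl_add_text eccSrvCRL.pem
  # install (only needed if working outside wolfssl)
  #cp eccSrvCRL.pem ~/wolfssl/certs/crl/eccSrvCRL.pem

  # NOTE(review): the next two commands write to the same -out names as the
  # caEccCrl / caEcc384Crl sections above, this time with ../ecc/wolfssl.cnf and
  # without the text step, so they overwrite those earlier files. Confirm the
  # final CRLs still list the revoked certificate the tests expect.
  # caEccCrl
  openssl ca -config ../ecc/wolfssl.cnf -gencrl -crldays 1000 -out caEccCrl.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
  # ca-ecc384-cert
  openssl ca -config ../ecc/wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem

  exit 0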