mkcerts.sh 3.66 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
#!/bin/sh

# This script will re-make all the required certs.
# cd apps
# sh ../util/mkcerts.sh
# mv ca-cert.pem pca-cert.pem ../certs
# cd ..
# cat certs/*.pem >>apps/server.pem
# cat certs/*.pem >>apps/server2.pem
# SSLEAY=`pwd`/apps/ssleay; export SSLEAY
# sh tools/c_rehash certs
#
 
CAbits=1024
SSLEAY="../apps/openssl"
CONF="-config ../apps/openssl.cnf"

# create pca request.
echo creating $CAbits bit PCA cert request
$SSLEAY req $CONF \
	-new -md5 -newkey $CAbits \
	-keyout pca-key.pem \
	-out pca-req.pem -nodes >/dev/null <<EOF
AU
Queensland
.
CryptSoft Pty Ltd
.
Test PCA (1024 bit)



EOF

if [ $? != 0 ]; then
	echo problems generating PCA request
	exit 1
fi

#sign it.
echo
echo self signing PCA
$SSLEAY x509 -md5 -days 1461 \
	-req -signkey pca-key.pem \
	-CAcreateserial -CAserial pca-cert.srl \
	-in pca-req.pem -out pca-cert.pem

if [ $? != 0 ]; then
	echo problems self signing PCA cert
	exit 1
fi
echo

# create ca request.
echo creating $CAbits bit CA cert request
$SSLEAY req $CONF \
	-new -md5 -newkey $CAbits \
	-keyout ca-key.pem \
	-out ca-req.pem -nodes >/dev/null <<EOF
AU
Queensland
.
CryptSoft Pty Ltd
.
Test CA (1024 bit)



EOF

if [ $? != 0 ]; then
	echo problems generating CA request
	exit 1
fi

#sign it.
echo
echo signing CA
$SSLEAY x509 -md5 -days 1461 \
	-req \
	-CAcreateserial -CAserial pca-cert.srl \
	-CA pca-cert.pem -CAkey pca-key.pem \
	-in ca-req.pem -out ca-cert.pem

if [ $? != 0 ]; then
	echo problems signing CA cert
	exit 1
fi
echo

# create server request.
echo creating 512 bit server cert request
$SSLEAY req $CONF \
	-new -md5 -newkey 512 \
	-keyout s512-key.pem \
	-out s512-req.pem -nodes >/dev/null <<EOF
AU
Queensland
.
CryptSoft Pty Ltd
.
Server test cert (512 bit)



EOF

if [ $? != 0 ]; then
	echo problems generating 512 bit server cert request
	exit 1
fi

#sign it.
echo
echo signing 512 bit server cert
$SSLEAY x509 -md5 -days 365 \
	-req \
	-CAcreateserial -CAserial ca-cert.srl \
	-CA ca-cert.pem -CAkey ca-key.pem \
	-in s512-req.pem -out server.pem

if [ $? != 0 ]; then
	echo problems signing 512 bit server cert
	exit 1
fi
echo

# create 1024 bit server request.
echo creating 1024 bit server cert request
$SSLEAY req $CONF \
	-new -md5 -newkey 1024 \
	-keyout s1024key.pem \
	-out s1024req.pem -nodes >/dev/null <<EOF
AU
Queensland
.
CryptSoft Pty Ltd
.
Server test cert (1024 bit)



EOF

if [ $? != 0 ]; then
	echo problems generating 1024 bit server cert request
	exit 1
fi

#sign it.
echo
echo signing 1024 bit server cert
$SSLEAY x509 -md5 -days 365 \
	-req \
	-CAcreateserial -CAserial ca-cert.srl \
	-CA ca-cert.pem -CAkey ca-key.pem \
	-in s1024req.pem -out server2.pem

if [ $? != 0 ]; then
	echo problems signing 1024 bit server cert
	exit 1
fi
echo

# create 512 bit client request.
echo creating 512 bit client cert request
$SSLEAY req $CONF \
	-new -md5 -newkey 512 \
	-keyout c512-key.pem \
	-out c512-req.pem -nodes >/dev/null <<EOF
AU
Queensland
.
CryptSoft Pty Ltd
.
Client test cert (512 bit)



EOF

if [ $? != 0 ]; then
	echo problems generating 512 bit client cert request
	exit 1
fi

#sign it.
echo
echo signing 512 bit client cert
$SSLEAY x509 -md5 -days 365 \
	-req \
	-CAcreateserial -CAserial ca-cert.srl \
	-CA ca-cert.pem -CAkey ca-key.pem \
	-in c512-req.pem -out client.pem

if [ $? != 0 ]; then
	echo problems signing 512 bit client cert
	exit 1
fi

echo cleanup

cat pca-key.pem  >> pca-cert.pem
cat ca-key.pem   >> ca-cert.pem
cat s512-key.pem >> server.pem
cat s1024key.pem >> server2.pem
cat c512-key.pem >> client.pem

for i in pca-cert.pem ca-cert.pem server.pem server2.pem client.pem
do
$SSLEAY x509 -issuer -subject -in $i -noout >$$
cat $$
/bin/cat $i >>$$
/bin/mv $$ $i
done

#/bin/rm -f *key.pem *req.pem *.srl

echo Finished