tests/certs/scripts: generate also CRL (645bdd83) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

tests/certs/EdelCurlRoot-ca.cnf

0 → 100644

+11 −0

Original line number	Diff line number	Diff line
		[ ca ]
		default_ca = EdelCurlRoot

		[ EdelCurlRoot ]
		database = EdelCurlRoot-ca.db
		certificate = EdelCurlRoot-ca.crt
		private_key = EdelCurlRoot-ca.key
		crlnumber = EdelCurlRoot-ca.cnt
		default_md = sha1
		default_days = 365
		default_crl_days = 30

tests/certs/scripts/genroot.sh

+5 −2

Original line number	Diff line number	Diff line
		@@ -40,8 +40,11 @@ SERIAL=`/usr/bin/env perl -e "$GETSERIAL"`

		echo SERIAL=$SERIAL PREFIX=$PREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE

		echo "openssl req -config $PREFIX-ca.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-ca.key -out $PREFIX-ca.csr"
		$OPENSSL req -config $PREFIX-ca.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-ca.key -out $PREFIX-ca.csr
		echo "openssl genrsa -out $PREFIX-ca.key $KEYSIZE -passout XXX"
		openssl genrsa -out $PREFIX-ca.key $KEYSIZE -passout pass:secret

		echo "openssl req -config $PREFIX-ca.prm -new -key $PREFIX-ca.key -out $PREFIX-ca.csr"
		$OPENSSL req -config $PREFIX-ca.prm -new -key $PREFIX-ca.key -out $PREFIX-ca.csr -passin pass:secret

		echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-ca.prm -days $DURATION -req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-$SERIAL.ca-cacert -sha1 "

tests/certs/scripts/genserv.sh

+11 −5

Original line number	Diff line number	Diff line
		@@ -39,7 +39,7 @@ if [ ".$CAPREFIX" = . ] ; then
		NOTOK=1
		else
		if [ ! -f $CAPREFIX-ca.cacert ] ; then
		echo No CA certficate file $PREFIX-ca.caert
		echo No CA certficate file $CAPREFIX-ca.caert
		NOTOK=1
		fi
		if [ ! -f $CAPREFIX-ca.key ] ; then
		@@ -74,7 +74,6 @@ fi
		echo "openssl rsa -in $PREFIX-sv.key -out $PREFIX-sv.key"
		$OPENSSL rsa -in $PREFIX-sv.key -out $PREFIX-sv.key -passin pass:secret
		echo pseudo secrets generated
		read

		echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-sv.prm -days $DURATION -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in $PREFIX-sv.csr -req -out $PREFIX-sv.crt -text -nameopt multiline -sha1"

		@@ -85,16 +84,23 @@ if [ "$P12." = YES. ] ; then
		echo "$OPENSSL pkcs12 -export -des3 -out $PREFIX-sv.p12 -caname $CAPREFIX -name $PREFIX -inkey $PREFIX-sv.key -in $PREFIX-sv.crt -certfile $CAPREFIX-ca.crt "

		$OPENSSL pkcs12 -export -des3 -out $PREFIX-sv.p12 -caname $CAPREFIX -name $PREFIX -inkey $PREFIX-sv.key -in $PREFIX-sv.crt -certfile $CAPREFIX-ca.crt

		read
		fi

		echo "openssl x509 -noout -text -hash -in $PREFIX-sv.selfcert -nameopt multiline"
		$OPENSSL x509 -noout -text -hash -in $PREFIX-sv.crt -nameopt multiline

		# revoke server cert
		touch $CAPREFIX-ca.db
		echo 01 > $CAPREFIX-ca.cnt
		echo "openssl ca -config $CAPREFIX-ca.cnf -revoke $PREFIX-sv.crt"
		$OPENSSL ca -config $CAPREFIX-ca.cnf -revoke $PREFIX-sv.crt

		# issue CRL
		echo "openssl ca -config $CAPREFIX-ca.cnf -gencrl -out $PREFIX-sv.crl"
		$OPENSSL ca -config $CAPREFIX-ca.cnf -gencrl -out $PREFIX-sv.crl

		echo "openssl x509 -in $PREFIX-sv.crt -outform der -out $PREFIX-sv.der "
		$OPENSSL x509 -in $PREFIX-sv.crt -outform der -out $PREFIX-sv.der
		read

		# all together now
		touch $PREFIX-sv.dhp