freebsd-dev/util/mkcerts.sh
2008-08-23 10:51:00 +00:00

221 lines
3.7 KiB
Bash
Executable File

#!/bin/sh
# This script will re-make all the required certs.
# cd apps
# sh ../util/mkcerts.sh
# mv ca-cert.pem pca-cert.pem ../certs
# cd ..
# cat certs/*.pem >>apps/server.pem
# cat certs/*.pem >>apps/server2.pem
# SSLEAY=`pwd`/apps/ssleay; export SSLEAY
# sh tools/c_rehash certs
#
CAbits=1024
SSLEAY="../apps/openssl"
CONF="-config ../apps/openssl.cnf"
# create pca request.
echo creating $CAbits bit PCA cert request
$SSLEAY req $CONF \
-new -md5 -newkey $CAbits \
-keyout pca-key.pem \
-out pca-req.pem -nodes >/dev/null <<EOF
AU
Queensland
.
CryptSoft Pty Ltd
.
Test PCA (1024 bit)
EOF
if [ $? != 0 ]; then
echo problems generating PCA request
exit 1
fi
#sign it.
echo
echo self signing PCA
$SSLEAY x509 -md5 -days 1461 \
-req -signkey pca-key.pem \
-CAcreateserial -CAserial pca-cert.srl \
-in pca-req.pem -out pca-cert.pem
if [ $? != 0 ]; then
echo problems self signing PCA cert
exit 1
fi
echo
# create ca request.
echo creating $CAbits bit CA cert request
$SSLEAY req $CONF \
-new -md5 -newkey $CAbits \
-keyout ca-key.pem \
-out ca-req.pem -nodes >/dev/null <<EOF
AU
Queensland
.
CryptSoft Pty Ltd
.
Test CA (1024 bit)
EOF
if [ $? != 0 ]; then
echo problems generating CA request
exit 1
fi
#sign it.
echo
echo signing CA
$SSLEAY x509 -md5 -days 1461 \
-req \
-CAcreateserial -CAserial pca-cert.srl \
-CA pca-cert.pem -CAkey pca-key.pem \
-in ca-req.pem -out ca-cert.pem
if [ $? != 0 ]; then
echo problems signing CA cert
exit 1
fi
echo
# create server request.
echo creating 512 bit server cert request
$SSLEAY req $CONF \
-new -md5 -newkey 512 \
-keyout s512-key.pem \
-out s512-req.pem -nodes >/dev/null <<EOF
AU
Queensland
.
CryptSoft Pty Ltd
.
Server test cert (512 bit)
EOF
if [ $? != 0 ]; then
echo problems generating 512 bit server cert request
exit 1
fi
#sign it.
echo
echo signing 512 bit server cert
$SSLEAY x509 -md5 -days 365 \
-req \
-CAcreateserial -CAserial ca-cert.srl \
-CA ca-cert.pem -CAkey ca-key.pem \
-in s512-req.pem -out server.pem
if [ $? != 0 ]; then
echo problems signing 512 bit server cert
exit 1
fi
echo
# create 1024 bit server request.
echo creating 1024 bit server cert request
$SSLEAY req $CONF \
-new -md5 -newkey 1024 \
-keyout s1024key.pem \
-out s1024req.pem -nodes >/dev/null <<EOF
AU
Queensland
.
CryptSoft Pty Ltd
.
Server test cert (1024 bit)
EOF
if [ $? != 0 ]; then
echo problems generating 1024 bit server cert request
exit 1
fi
#sign it.
echo
echo signing 1024 bit server cert
$SSLEAY x509 -md5 -days 365 \
-req \
-CAcreateserial -CAserial ca-cert.srl \
-CA ca-cert.pem -CAkey ca-key.pem \
-in s1024req.pem -out server2.pem
if [ $? != 0 ]; then
echo problems signing 1024 bit server cert
exit 1
fi
echo
# create 512 bit client request.
echo creating 512 bit client cert request
$SSLEAY req $CONF \
-new -md5 -newkey 512 \
-keyout c512-key.pem \
-out c512-req.pem -nodes >/dev/null <<EOF
AU
Queensland
.
CryptSoft Pty Ltd
.
Client test cert (512 bit)
EOF
if [ $? != 0 ]; then
echo problems generating 512 bit client cert request
exit 1
fi
#sign it.
echo
echo signing 512 bit client cert
$SSLEAY x509 -md5 -days 365 \
-req \
-CAcreateserial -CAserial ca-cert.srl \
-CA ca-cert.pem -CAkey ca-key.pem \
-in c512-req.pem -out client.pem
if [ $? != 0 ]; then
echo problems signing 512 bit client cert
exit 1
fi
echo cleanup
cat pca-key.pem >> pca-cert.pem
cat ca-key.pem >> ca-cert.pem
cat s512-key.pem >> server.pem
cat s1024key.pem >> server2.pem
cat c512-key.pem >> client.pem
for i in pca-cert.pem ca-cert.pem server.pem server2.pem client.pem
do
$SSLEAY x509 -issuer -subject -in $i -noout >$$
cat $$
/bin/cat $i >>$$
/bin/mv $$ $i
done
#/bin/rm -f *key.pem *req.pem *.srl
echo Finished