| 1 | #!/bin/sh
|
|---|
| 2 |
|
|---|
| 3 | opensslcmd() {
|
|---|
| 4 | LD_LIBRARY_PATH=../.. ../../apps/openssl $@
|
|---|
| 5 | }
|
|---|
| 6 |
|
|---|
| 7 | # report the openssl version
|
|---|
| 8 | opensslcmd version
|
|---|
| 9 |
|
|---|
| 10 | echo "Creating private keys and certs..."
|
|---|
| 11 |
|
|---|
| 12 | #####
|
|---|
| 13 |
|
|---|
| 14 | # root CA private key
|
|---|
| 15 | opensslcmd genpkey \
|
|---|
| 16 | -algorithm EC \
|
|---|
| 17 | -pkeyopt ec_paramgen_curve:secp521r1 \
|
|---|
| 18 | -pkeyopt ec_param_enc:named_curve \
|
|---|
| 19 | -out root-key.pem
|
|---|
| 20 |
|
|---|
| 21 | # root CA certificate (self-signed)
|
|---|
| 22 | opensslcmd req \
|
|---|
| 23 | -config ca.cnf \
|
|---|
| 24 | -x509 \
|
|---|
| 25 | -days 3650 \
|
|---|
| 26 | -key root-key.pem \
|
|---|
| 27 | -subj /CN=TestRootCA \
|
|---|
| 28 | -out root-cert.pem
|
|---|
| 29 | #####
|
|---|
| 30 |
|
|---|
| 31 | # intermediate CA private key
|
|---|
| 32 | opensslcmd genpkey \
|
|---|
| 33 | -algorithm EC \
|
|---|
| 34 | -pkeyopt ec_paramgen_curve:secp384r1 \
|
|---|
| 35 | -pkeyopt ec_param_enc:named_curve \
|
|---|
| 36 | -out intermediate-key.pem
|
|---|
| 37 |
|
|---|
| 38 | # intermediate CA certificate-signing-request
|
|---|
| 39 | opensslcmd req \
|
|---|
| 40 | -config ca.cnf \
|
|---|
| 41 | -new \
|
|---|
| 42 | -key intermediate-key.pem \
|
|---|
| 43 | -subj /CN=TestIntermediateCA \
|
|---|
| 44 | -out intermediate-csr.pem
|
|---|
| 45 |
|
|---|
| 46 | # intermediate CA certificate (signed by root CA)
|
|---|
| 47 | opensslcmd req \
|
|---|
| 48 | -config ca.cnf \
|
|---|
| 49 | -x509 \
|
|---|
| 50 | -days 1825 \
|
|---|
| 51 | -CA root-cert.pem \
|
|---|
| 52 | -CAkey root-key.pem \
|
|---|
| 53 | -in intermediate-csr.pem \
|
|---|
| 54 | -copy_extensions copyall \
|
|---|
| 55 | -out intermediate-cert.pem
|
|---|
| 56 | #####
|
|---|
| 57 |
|
|---|
| 58 | # server key
|
|---|
| 59 | opensslcmd genpkey \
|
|---|
| 60 | -algorithm EC \
|
|---|
| 61 | -pkeyopt ec_paramgen_curve:prime256v1 \
|
|---|
| 62 | -pkeyopt ec_param_enc:named_curve \
|
|---|
| 63 | -out server-key.pem
|
|---|
| 64 |
|
|---|
| 65 | # server certificate-signing-request
|
|---|
| 66 | opensslcmd req \
|
|---|
| 67 | -config ca.cnf \
|
|---|
| 68 | -extensions usr_cert \
|
|---|
| 69 | -new \
|
|---|
| 70 | -key server-key.pem \
|
|---|
| 71 | -subj /CN=TestServerCA \
|
|---|
| 72 | -out server-csr.pem
|
|---|
| 73 |
|
|---|
| 74 | # server certificate (signed by intermediate CA)
|
|---|
| 75 | opensslcmd req \
|
|---|
| 76 | -config ca.cnf \
|
|---|
| 77 | -extensions usr_cert \
|
|---|
| 78 | -x509 \
|
|---|
| 79 | -days 365 \
|
|---|
| 80 | -CA intermediate-cert.pem \
|
|---|
| 81 | -CAkey intermediate-key.pem \
|
|---|
| 82 | -in server-csr.pem \
|
|---|
| 83 | -copy_extensions copyall \
|
|---|
| 84 | -out server-cert.pem
|
|---|
| 85 | #####
|
|---|
| 86 |
|
|---|
| 87 | rm -f index.txt index.txt.attr
|
|---|
| 88 | echo -n > index.txt
|
|---|
| 89 | opensslcmd ca \
|
|---|
| 90 | -config ca.cnf \
|
|---|
| 91 | -valid server-cert.pem \
|
|---|
| 92 | -keyfile intermediate-key.pem \
|
|---|
| 93 | -cert intermediate-cert.pem
|
|---|
| 94 | rm -f index.txt.old
|
|---|
| 95 | #####
|
|---|
| 96 |
|
|---|
| 97 | cat server-cert.pem server-key.pem intermediate-cert.pem > server.pem
|
|---|
| 98 | cat intermediate-cert.pem intermediate-key.pem > ocsp.pem
|
|---|
| 99 |
|
|---|
| 100 | echo "Done."
|
|---|
