Annotation of embedaddon/curl/tests/certs/scripts/genserv.sh, revision 1.1

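#!/bin/bash

# (c) CopyRight 2000 - 2020, EdelWeb for EdelKey and OpenEvidence
# Author: Peter Sylvester

# "libre" for integration with curl

# Generates a server key pair and certificate signed by an existing CA,
# then revokes that certificate and issues a CRL.
#
# Usage: genserv.sh <prefix> <caprefix>
#   <prefix>    reads  <prefix>-sv.prm (openssl req config and x509 extensions)
#               writes <prefix>-sv.key, .csr, .crt, .der, .crl, .pub.der,
#                      .pub.pem, .dhp and the combined <prefix>-sv.pem
#   <caprefix>  reads  <caprefix>-ca.cacert, <caprefix>-ca.key and
#                      <caprefix>-ca.cnf
#               writes <caprefix>-ca.db (created if missing) and
#                      <caprefix>-ca.cnt
# Environment:
#   SERIAL      optional certificate serial number; generated when empty.
#
# Security notes for anyone reusing this outside a test tree:
#   - The key is created with the fixed passphrase "secret" and the passphrase
#     is stripped again straight away, so <prefix>-sv.key and <prefix>-sv.pem
#     hold an UNENCRYPTED private key.
#   - Generated files get the caller's umask; only <prefix>-sv.prm is
#     chmod'ed at the end.
#   - The default serial is derived from the clock and the PID, so it is
#     predictable.

# Every step consumes the previous step's output, so stop at the first
# failure instead of bundling half-written files.
set -eu

OPENSSL=openssl
if [ -f /usr/local/ssl/bin/openssl ]; then
  OPENSSL=/usr/local/ssl/bin/openssl
fi

# Prints the one-line usage message.
usage() {
  echo "Usage is genserv.sh <prefix> <caprefix>" >&2
}

# NOTE(review): HOME is redirected to the working directory, presumably so
# that per-user OpenSSL state stays out of the caller's real home - confirm.
HOME=$(pwd)
cd "$HOME"

KEYSIZE=2048
DURATION=3000
# The -sha256 option was introduced in OpenSSL 1.0.1
DIGESTALGO=-sha256

# Step switches: certificate request, PKCS#12 export, DH parameters.
REQ=YES
P12=NO
DHP=NO

# Start from a known state; NOTOK must not be inherited from the environment.
NOTOK=

PREFIX=${1:-}
if [ -z "$PREFIX" ]; then
  echo "No configuration prefix" >&2
  NOTOK=1
elif [ ! -f "$PREFIX-sv.prm" ]; then
  echo "No configuration file $PREFIX-sv.prm" >&2
  NOTOK=1
fi

CAPREFIX=${2:-}
if [ -z "$CAPREFIX" ]; then
  echo "No CA prefix" >&2
  NOTOK=1
else
  if [ ! -f "$CAPREFIX-ca.cacert" ]; then
    echo "No CA certificate file $CAPREFIX-ca.cacert" >&2
    NOTOK=1
  fi
  if [ ! -f "$CAPREFIX-ca.key" ]; then
    echo "No $CAPREFIX key" >&2
    NOTOK=1
  fi
  # The revoke and CRL steps below read this file; check it before any key
  # material is generated.
  if [ ! -f "$CAPREFIX-ca.cnf" ]; then
    echo "No CA configuration file $CAPREFIX-ca.cnf" >&2
    NOTOK=1
  fi
fi

if [ -n "$NOTOK" ]; then
  echo "Sorry, I can't do that for you." >&2
  usage
  # Report the failure to the caller; a bare "exit" returned status 0 here.
  exit 1
fi

SERIAL=${SERIAL:-}
if [ -z "$SERIAL" ]; then
  # Serial = epoch seconds followed by the last four digits of (epoch + PID),
  # minus one. The PID is passed as an argument rather than spliced into the
  # Perl source. Predictable by construction.
  SERIAL=$(/usr/bin/env perl -e \
    '$t = time; $d = $t . substr($t + $ARGV[0], -4, 4) - 1; print $d' "$$")
fi

echo "SERIAL=$SERIAL PREFIX=$PREFIX CAPREFIX=$CAPREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE"

if [ "$DHP" = YES ]; then
  echo "openssl dhparam -2 -out $PREFIX-sv.dhp $KEYSIZE"
  "$OPENSSL" dhparam -2 -out "$PREFIX-sv.dhp" "$KEYSIZE"
fi

if [ "$REQ" = YES ]; then
  # The echoed command masks the passphrase; the real one is a fixed
  # placeholder given on the command line (visible in the process list).
  echo "openssl req -config $PREFIX-sv.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-sv.key -out $PREFIX-sv.csr -passout XXX"
  "$OPENSSL" req -config "$PREFIX-sv.prm" -newkey "rsa:$KEYSIZE" \
    -keyout "$PREFIX-sv.key" -out "$PREFIX-sv.csr" -passout pass:secret
fi

# Rewrite the key in place without a passphrase: from here on the private key
# is stored in the clear.
echo "openssl rsa -in $PREFIX-sv.key -out $PREFIX-sv.key"
"$OPENSSL" rsa -in "$PREFIX-sv.key" -out "$PREFIX-sv.key" -passin pass:secret
echo pseudo secrets generated

echo "openssl rsa -in $PREFIX-sv.key -pubout -outform DER -out $PREFIX-sv.pub.der"
"$OPENSSL" rsa -in "$PREFIX-sv.key" -pubout -outform DER -out "$PREFIX-sv.pub.der"

echo "openssl rsa -in $PREFIX-sv.key -pubout -outform PEM -out $PREFIX-sv.pub.pem"
"$OPENSSL" rsa -in "$PREFIX-sv.key" -pubout -outform PEM -out "$PREFIX-sv.pub.pem"

# Sign the request with the CA key; the text dump and the certificate both go
# to <prefix>-sv.crt.
echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-sv.prm -days $DURATION  -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in $PREFIX-sv.csr -req -text -nameopt multiline $DIGESTALGO > $PREFIX-sv.crt "

"$OPENSSL" x509 -set_serial "$SERIAL" -extfile "$PREFIX-sv.prm" \
  -days "$DURATION" -CA "$CAPREFIX-ca.cacert" -CAkey "$CAPREFIX-ca.key" \
  -in "$PREFIX-sv.csr" -req -text -nameopt multiline "$DIGESTALGO" \
  > "$PREFIX-sv.crt"

if [ "$P12" = YES ]; then
  # NOTE(review): this step reads <caprefix>-ca.crt, while the rest of the
  # script uses <caprefix>-ca.cacert - confirm which file is intended.
  echo "$OPENSSL pkcs12 -export -des3 -out $PREFIX-sv.p12 -caname $CAPREFIX -name $PREFIX -inkey $PREFIX-sv.key -in $PREFIX-sv.crt -certfile $CAPREFIX-ca.crt "

  "$OPENSSL" pkcs12 -export -des3 -out "$PREFIX-sv.p12" \
    -caname "$CAPREFIX" -name "$PREFIX" -inkey "$PREFIX-sv.key" \
    -in "$PREFIX-sv.crt" -certfile "$CAPREFIX-ca.crt"
fi

# The echoed command used to name <prefix>-sv.selfcert; the file actually
# inspected is <prefix>-sv.crt.
echo "openssl x509 -noout -text -hash -in $PREFIX-sv.crt -nameopt multiline"
"$OPENSSL" x509 -noout -text -hash -in "$PREFIX-sv.crt" -nameopt multiline

# revoke server cert
# NOTE(review): <caprefix>-ca.db and <caprefix>-ca.cnt are presumably the
# index and counter files named in <caprefix>-ca.cnf - confirm. The counter
# is reset to 01 on every run.
touch "$CAPREFIX-ca.db"
echo 01 > "$CAPREFIX-ca.cnt"
echo "openssl ca -config $CAPREFIX-ca.cnf -revoke $PREFIX-sv.crt"
"$OPENSSL" ca -config "$CAPREFIX-ca.cnf" -revoke "$PREFIX-sv.crt"

# issue CRL
echo "openssl ca -config $CAPREFIX-ca.cnf -gencrl -out $PREFIX-sv.crl"
"$OPENSSL" ca -config "$CAPREFIX-ca.cnf" -gencrl -out "$PREFIX-sv.crl"

echo "openssl x509 -in $PREFIX-sv.crt -outform der -out $PREFIX-sv.der "
"$OPENSSL" x509 -in "$PREFIX-sv.crt" -outform der -out "$PREFIX-sv.der"

# all together now
# touch guarantees the .dhp file exists (possibly empty) when DHP=NO.
touch "$PREFIX-sv.dhp"
cat "$PREFIX-sv.prm" "$PREFIX-sv.key" "$PREFIX-sv.crt" "$PREFIX-sv.dhp" \
  > "$PREFIX-sv.pem"
# NOTE(review): only the .prm config loses world-read here; the files that
# hold the private key (<prefix>-sv.key, <prefix>-sv.pem) keep the umask
# default. Confirm whether the chmod was meant for those instead.
chmod o-r "$PREFIX-sv.prm"

echo "$PREFIX-sv.pem done"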
