Annotation of embedaddon/curl/tests/certs/scripts/genserv.sh, revision 1.1.1.1

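#!/bin/bash

# (c) CopyRight 2000 - 2020, EdelWeb for EdelKey and OpenEvidence
# Author: Peter Sylvester

# "libre" for integration with curl

# Generates a server key pair and a certificate signed by an existing CA.
# This section only picks the openssl binary and sets the defaults that the
# rest of the script reads.

# Prefer the binary under /usr/local/ssl when it exists; otherwise use
# whatever "openssl" resolves to on PATH.
OPENSSL=openssl
if [ -f /usr/local/ssl/bin/openssl ]; then
   OPENSSL=/usr/local/ssl/bin/openssl
fi

# Holds a complete echo command line; the argument check runs it as $USAGE.
USAGE="echo Usage is genserv.sh <prefix> <caprefix>"

# HOME is pointed at the current directory for the rest of the run.
# NOTE(review): presumably so that openssl keeps its per-user state files
# next to the generated material - confirm.
HOME=$(pwd)
# Quoted so a working directory containing spaces does not split into words.
cd "$HOME" || exit 1

# RSA key size in bits (also used for the optional DH parameters).
KEYSIZE=2048
# Certificate lifetime in days, passed to "openssl x509 -days".
DURATION=3000
# The -sha256 option was introduced in OpenSSL 1.0.1
DIGESTALGO=-sha256

# Step toggles: REQ creates a new key and CSR, P12 exports a PKCS#12 bundle,
# DHP generates DH parameters. Only the literal value YES enables a step.
REQ=YES
P12=NO
DHP=NO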
                     26: 
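# Argument validation: both prefixes must be given and the files they name
# must already exist, otherwise nothing is generated.

# Start from a known state so a NOTOK inherited from the environment cannot
# abort the run on its own.
NOTOK=

# $1: prefix of the server files; <prefix>-sv.prm is the openssl config.
PREFIX=$1
if [ -z "$PREFIX" ]; then
   echo No configuration prefix
   NOTOK=1
elif [ ! -f "$PREFIX-sv.prm" ]; then
   echo "No configuration file $PREFIX-sv.prm"
   NOTOK=1
fi

# $2: prefix of the signing CA; its certificate and private key are required.
CAPREFIX=$2
if [ -z "$CAPREFIX" ]; then
   echo No CA prefix
   NOTOK=1
else
   if [ ! -f "$CAPREFIX-ca.cacert" ]; then
      echo "No CA certificate file $CAPREFIX-ca.cacert"
      NOTOK=1
   fi
   if [ ! -f "$CAPREFIX-ca.key" ]; then
      echo "No $CAPREFIX key"
      NOTOK=1
   fi
fi

if [ -n "$NOTOK" ]; then
   echo "Sorry, I can't do that for you."
   # Deliberately unquoted: USAGE holds a whole echo command line.
   $USAGE
   # Non-zero status so a calling Makefile or script sees the failure.
   exit 1
fi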
                     58: 
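# A serial number supplied through the environment is used as is; otherwise
# one is derived from the current time and the shell's PID. Serials built
# this way are guessable, which is adequate for test certificates only.
if [ -z "$SERIAL" ]; then
   # $$ is expanded by the shell (its PID) before perl sees the program;
   # the escaped \$t and \$d are perl variables.
   GETSERIAL="\$t = time ;\$d =  \$t . substr(\$t+$$ ,-4,4)-1;print \$d"
   SERIAL=$(/usr/bin/env perl -e "$GETSERIAL")
fi

# Quoted so that values taken from the caller are printed literally instead
# of being word-split and glob-expanded.
echo "SERIAL=$SERIAL PREFIX=$PREFIX CAPREFIX=$CAPREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE"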
                     65: 
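# Key, CSR, certificate, CRL and bundle generation. Every step echoes the
# command it is about to run. All expansions are quoted because PREFIX and
# CAPREFIX come straight from the command line.
# NOTE(review): no step checks the exit status of openssl, so a failed step
# leaves partial files behind and the later steps still run.

if [ "$DHP" = YES ]; then
   echo "openssl dhparam -2 -out $PREFIX-sv.dhp $KEYSIZE"
   "$OPENSSL" dhparam -2 -out "$PREFIX-sv.dhp" "$KEYSIZE"
fi

if [ "$REQ" = YES ]; then
   # The echoed line masks the passphrase; the real one is the fixed string
   # "secret" and only protects the key until the next step removes it.
   echo "openssl req -config $PREFIX-sv.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-sv.key -out $PREFIX-sv.csr -passout XXX"
   "$OPENSSL" req -config "$PREFIX-sv.prm" -newkey "rsa:$KEYSIZE" -keyout "$PREFIX-sv.key" -out "$PREFIX-sv.csr" -passout pass:secret
fi

# Rewrite the key in place without a passphrase: from here on
# $PREFIX-sv.key is an unencrypted private key on disk.
echo "openssl rsa -in $PREFIX-sv.key -out $PREFIX-sv.key"
"$OPENSSL" rsa -in "$PREFIX-sv.key" -out "$PREFIX-sv.key" -passin pass:secret
echo pseudo secrets generated

# Public key in DER and PEM form.
echo "openssl rsa -in $PREFIX-sv.key -pubout -outform DER -out $PREFIX-sv.pub.der"
"$OPENSSL" rsa -in "$PREFIX-sv.key" -pubout -outform DER -out "$PREFIX-sv.pub.der"

echo "openssl rsa -in $PREFIX-sv.key -pubout -outform PEM -out $PREFIX-sv.pub.pem"
"$OPENSSL" rsa -in "$PREFIX-sv.key" -pubout -outform PEM -out "$PREFIX-sv.pub.pem"

# Sign the CSR with the CA key; extensions are read from the .prm file and
# the text dump plus the PEM certificate are written to $PREFIX-sv.crt.
echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-sv.prm -days $DURATION  -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in $PREFIX-sv.csr -req -text -nameopt multiline $DIGESTALGO > $PREFIX-sv.crt "

"$OPENSSL" x509 -set_serial "$SERIAL" -extfile "$PREFIX-sv.prm" -days "$DURATION" -CA "$CAPREFIX-ca.cacert" -CAkey "$CAPREFIX-ca.key" -in "$PREFIX-sv.csr" -req -text -nameopt multiline "$DIGESTALGO" > "$PREFIX-sv.crt"

if [ "$P12" = YES ]; then

   # NOTE(review): this reads $CAPREFIX-ca.crt, while the argument check only
   # verifies $CAPREFIX-ca.cacert - confirm which file name is intended.
   echo "$OPENSSL pkcs12 -export -des3 -out $PREFIX-sv.p12 -caname $CAPREFIX -name $PREFIX -inkey $PREFIX-sv.key -in $PREFIX-sv.crt -certfile $CAPREFIX-ca.crt "

   "$OPENSSL" pkcs12 -export -des3 -out "$PREFIX-sv.p12" -caname "$CAPREFIX" -name "$PREFIX" -inkey "$PREFIX-sv.key" -in "$PREFIX-sv.crt" -certfile "$CAPREFIX-ca.crt"
fi

# Dump the issued certificate. The echoed line used to name
# $PREFIX-sv.selfcert, a file the command never reads; it now matches.
echo "openssl x509 -noout -text -hash -in $PREFIX-sv.crt -nameopt multiline"
"$OPENSSL" x509 -noout -text -hash -in "$PREFIX-sv.crt" -nameopt multiline

# revoke server cert
# NOTE(review): the certificate is revoked right after it is issued,
# presumably so that the CRL generated below lists it - confirm.
touch "$CAPREFIX-ca.db"
echo 01 > "$CAPREFIX-ca.cnt"
echo "openssl ca -config $CAPREFIX-ca.cnf -revoke $PREFIX-sv.crt"
"$OPENSSL" ca -config "$CAPREFIX-ca.cnf" -revoke "$PREFIX-sv.crt"

# issue CRL
echo "openssl ca -config $CAPREFIX-ca.cnf -gencrl -out $PREFIX-sv.crl"
"$OPENSSL" ca -config "$CAPREFIX-ca.cnf" -gencrl -out "$PREFIX-sv.crl"

echo "openssl x509 -in $PREFIX-sv.crt -outform der -out $PREFIX-sv.der "
"$OPENSSL" x509 -in "$PREFIX-sv.crt" -outform der -out "$PREFIX-sv.der"

# all together now
# touch guarantees the .dhp file exists for cat even when DHP is off.
touch "$PREFIX-sv.dhp"
cat "$PREFIX-sv.prm" "$PREFIX-sv.key" "$PREFIX-sv.crt" "$PREFIX-sv.dhp" > "$PREFIX-sv.pem"
# NOTE(review): only the .prm config loses world-read here; the unencrypted
# private key in $PREFIX-sv.key and $PREFIX-sv.pem keeps the umask default.
# Tolerable for throwaway test fixtures - confirm the intended target.
chmod o-r "$PREFIX-sv.prm"

echo "$PREFIX-sv.pem done"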
