Annotation of embedaddon/strongswan/testing/hosts/winnetou/etc/ca/generate-crl, revision 1.1
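#!/bin/bash
#
# Publishes the test CAs' certificates, CRLs and Hash-and-URL certificate
# files below ROOT.
#
# ROOT is presumably the web server's document root: the delta CRL URI
# embedded below (http://crl.strongswan.org/strongswan_delta.crl) matches a
# file written there. Only public material (certificates, CRLs) belongs in
# ROOT; the CA private keys are used for signing only and stay in /etc/ca.

# Disable strongSwan's leak detective for the pki invocations below.
export LEAK_DETECTIVE_DISABLE=1

readonly ROOT="/var/www"

# Print a message to stderr and abort the script.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Convert every certificate in a directory to DER and store it under the
# hex SHA-1 digest of its DER encoding (Hash-and-URL lookup name).
# SHA-1 is what the IKEv2 Hash-and-URL encoding specifies, so it is used
# here as a lookup key rather than as a freely chosen digest.
# Arguments: $1 - directory holding the source certificates
#            $2 - existing output directory below ROOT
# Returns:   0; certificates that cannot be converted are skipped with a
#            warning instead of leaving a stale or misnamed file behind
#######################################
publish_hash_and_url() {
  local src_dir=$1
  local dest_dir=$2
  local cert digest

  # Glob instead of parsing `ls` so unusual file names cannot be word-split.
  for cert in "${src_dir}"/*; do
    [[ -f "${cert}" ]] || continue
    if ! openssl x509 -in "${cert}" -outform der -out "${dest_dir}/cert.der"; then
      printf 'warning: cannot convert %s, skipped\n' "${cert}" >&2
      continue
    fi
    digest=$(sha1sum "${dest_dir}/cert.der" | head -c 40)
    if [[ -z "${digest}" ]]; then
      printf 'warning: cannot hash %s, skipped\n' "${cert}" >&2
      continue
    fi
    mv -- "${dest_dir}/cert.der" "${dest_dir}/${digest}"
  done
}

# Every section below changes into its CA directory first. Several CAs use
# the same file names (strongswanKey.pem / strongswanCert.pem), so a failed
# cd would silently sign the CRL with the previous CA's key; abort instead.

##
# strongSwan Root CA
cd /etc/ca || die "cannot cd to /etc/ca"

# copy default web page
cp -- index.html "${ROOT}"

# copy strongSwan CA certificate
cp -- strongswanCert.pem "${ROOT}"
cp -- strongswanCert.der "${ROOT}"

# generate CRL for strongSwan Root CA, carrying over the revocations of the
# previous CRL kept in /etc/ca
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    --lastcrl strongswan.crl > "${ROOT}/strongswan.crl"

# revoke moon's current certificate (serial 03), based on the CRL just
# published
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    --reason key-compromise --serial 03 \
    --lastcrl "${ROOT}/strongswan.crl" > "${ROOT}/strongswan_moon_revoked.crl"

# generate a base CRL that points at the delta CRL
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    --crluri http://crl.strongswan.org/strongswan_delta.crl \
    --lastcrl strongswan.crl --lifetime 30 > "${ROOT}/strongswan_base.crl"

# generate a delta CRL revoking moon's current cert
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    --basecrl "${ROOT}/strongswan_base.crl" --reason key-compromise \
    --serial 03 --lifetime 15 > "${ROOT}/strongswan_delta.crl"

# generate Hash-and-URL certificates
publish_hash_and_url certs "${ROOT}/certs"

##
# Research CA
cd /etc/ca/research || die "cannot cd to /etc/ca/research"

# copy Research CA certificate
cp -- researchCert.pem "${ROOT}"
cp -- researchCert.der "${ROOT}"

# generate CRL for Research CA
pki --signcrl --cakey researchKey.pem --cacert researchCert.pem \
    > "${ROOT}/research.crl"

# generate Hash-and-URL certificates
publish_hash_and_url certs "${ROOT}/certs/research"

##
# Sales CA
cd /etc/ca/sales || die "cannot cd to /etc/ca/sales"

# copy Sales CA certificate
cp -- salesCert.pem "${ROOT}"
cp -- salesCert.der "${ROOT}"

# generate CRL for Sales CA
pki --signcrl --cakey salesKey.pem --cacert salesCert.pem \
    > "${ROOT}/sales.crl"

# generate Hash-and-URL certificates
publish_hash_and_url certs "${ROOT}/certs/sales"

##
# strongSwan EC Root CA
cd /etc/ca/ecdsa || die "cannot cd to /etc/ca/ecdsa"

# copy ECDSA CA certificate
cp -- strongswanCert.pem "${ROOT}/strongswan_ecdsaCert.pem"
# Convert the CA *certificate* to DER. The previous command here ran
# `openssl ec` on strongswanKey.pem, which wrote the CA private key in DER
# form into ROOT under a certificate file name and then made it
# world-readable.
openssl x509 -in strongswanCert.pem -outform der \
    -out "${ROOT}/strongswan_ecdsaCert.der"
chmod a+r "${ROOT}/strongswan_ecdsaCert.der"

# generate CRL for strongSwan EC Root CA
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    > "${ROOT}/strongswan_ecdsa.crl"

##
# strongSwan RFC3779 Root CA
cd /etc/ca/rfc3779 || die "cannot cd to /etc/ca/rfc3779"

# generate CRL for strongSwan RFC3779 Root CA
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    > "${ROOT}/strongswan_rfc3779.crl"

##
# strongSwan SHA3-RSA Root CA
cd /etc/ca/sha3-rsa || die "cannot cd to /etc/ca/sha3-rsa"

# generate CRL for strongSwan SHA3-RSA Root CA
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    --digest sha3_256 > "${ROOT}/strongswan_sha3_rsa.crl"

##
# strongSwan Ed25519 Root CA
cd /etc/ca/ed25519 || die "cannot cd to /etc/ca/ed25519"

# generate CRL for strongSwan Ed25519 Root CA
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    > "${ROOT}/strongswan_ed25519.crl"

##
# strongSwan Monster Root CA
cd /etc/ca/monster || die "cannot cd to /etc/ca/monster"

# generate CRL for strongSwan Monster Root CA
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    > "${ROOT}/strongswan_monster.crl"

##
# strongSwan BLISS Root CA
cd /etc/ca/bliss || die "cannot cd to /etc/ca/bliss"

# generate CRL for strongSwan BLISS Root CA
pki --signcrl --cakey strongswan_blissKey.der --cacert strongswan_blissCert.der \
    --lifetime 30 --digest sha3_512 > "${ROOT}/strongswan_bliss.crl"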