Annotation of embedaddon/strongswan/testing/hosts/winnetou/etc/ca/generate-crl, revision 1.1.1.1
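#!/bin/bash
#
# Publishes the test CAs' certificates, CRLs and Hash-and-URL certificate
# files under the web root in ${ROOT}.

# turn off strongSwan's leak detective for the pki calls below
export LEAK_DETECTIVE_DISABLE=1

ROOT="/var/www"

##
# strongSwan Root CA
# Abort if the CA directory is missing: every path below is relative, so
# continuing elsewhere would read the wrong key and certificate files.
cd /etc/ca || exit 1

# copy default web page
cp index.html "${ROOT}"

# copy strongSwan CA certificate
cp strongswanCert.pem "${ROOT}"
cp strongswanCert.der "${ROOT}"

# generate CRL for strongSwan Root CA
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    --lastcrl strongswan.crl > "${ROOT}/strongswan.crl"

# revoke moon's current certificate
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    --reason key-compromise --serial 03 \
    --lastcrl "${ROOT}/strongswan.crl" > "${ROOT}/strongswan_moon_revoked.crl"

# generate a base CRL
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    --crluri http://crl.strongswan.org/strongswan_delta.crl \
    --lastcrl strongswan.crl --lifetime 30 > "${ROOT}/strongswan_base.crl"

# generate a delta CRL revoking moon's current cert
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    --basecrl "${ROOT}/strongswan_base.crl" --reason key-compromise \
    --serial 03 --lifetime 15 > "${ROOT}/strongswan_delta.crl"

# generate Hash-and-URL certificates
# Each certificate is stored in DER form under the hex SHA-1 digest of that
# encoding, which is how IKEv2 Hash-and-URL references a certificate.
# ${CERTS_DIR} is not created here and has to exist already.
CERTS_DIR="${ROOT}/certs"
for cert in certs/*
do
    # an unmatched glob stays literal; skip it instead of feeding it to openssl
    [ -e "${cert}" ] || continue
    if ! openssl x509 -in "${cert}" -outform der -out "${CERTS_DIR}/cert.der"
    then
        # do not leave a partial conversion behind in the web root
        rm -f -- "${CERTS_DIR}/cert.der"
        continue
    fi
    cert_hash=$(sha1sum "${CERTS_DIR}/cert.der" | head -c 40)
    mv -- "${CERTS_DIR}/cert.der" "${CERTS_DIR}/${cert_hash}"
done
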
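##
# Research CA
# Abort if the directory is missing so that nothing below runs against the
# files of another CA.
cd /etc/ca/research || exit 1

# copy Research CA certificate
cp researchCert.pem "${ROOT}"
cp researchCert.der "${ROOT}"

# generate CRL for Research CA
pki --signcrl --cakey researchKey.pem --cacert researchCert.pem \
    > "${ROOT}/research.crl"

# generate Hash-and-URL certificates
# Each certificate is stored in DER form under the hex SHA-1 digest of that
# encoding. ${CERTS_DIR} is not created here and has to exist already.
CERTS_DIR="${ROOT}/certs/research"
for cert in certs/*
do
    # an unmatched glob stays literal; skip it instead of feeding it to openssl
    [ -e "${cert}" ] || continue
    if ! openssl x509 -in "${cert}" -outform der -out "${CERTS_DIR}/cert.der"
    then
        # do not leave a partial conversion behind in the web root
        rm -f -- "${CERTS_DIR}/cert.der"
        continue
    fi
    cert_hash=$(sha1sum "${CERTS_DIR}/cert.der" | head -c 40)
    mv -- "${CERTS_DIR}/cert.der" "${CERTS_DIR}/${cert_hash}"
done
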
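##
# Sales CA
# Abort if the directory is missing so that nothing below runs against the
# files of another CA.
cd /etc/ca/sales || exit 1

# copy Sales CA certificate
cp salesCert.pem "${ROOT}"
cp salesCert.der "${ROOT}"

# generate CRL for Sales CA
pki --signcrl --cakey salesKey.pem --cacert salesCert.pem \
    > "${ROOT}/sales.crl"

# generate Hash-and-URL certificates
# Each certificate is stored in DER form under the hex SHA-1 digest of that
# encoding. ${CERTS_DIR} is not created here and has to exist already.
CERTS_DIR="${ROOT}/certs/sales"
for cert in certs/*
do
    # an unmatched glob stays literal; skip it instead of feeding it to openssl
    [ -e "${cert}" ] || continue
    if ! openssl x509 -in "${cert}" -outform der -out "${CERTS_DIR}/cert.der"
    then
        # do not leave a partial conversion behind in the web root
        rm -f -- "${CERTS_DIR}/cert.der"
        continue
    fi
    cert_hash=$(sha1sum "${CERTS_DIR}/cert.der" | head -c 40)
    mv -- "${CERTS_DIR}/cert.der" "${CERTS_DIR}/${cert_hash}"
done
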
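##
# strongSwan EC Root CA
# The key and certificate file names here are the same as in the other CA
# directories, so a failed cd must stop the script rather than let the
# commands below act on another CA's files.
cd /etc/ca/ecdsa || exit 1

# copy ECDSA CA certificate
cp strongswanCert.pem "${ROOT}/strongswan_ecdsaCert.pem"
# The published DER file has to be derived from the certificate. Running
# "openssl ec" on strongswanKey.pem here would DER-encode the CA private key
# and place it, world-readable, in the web root under a certificate name.
openssl x509 -in strongswanCert.pem -outform der \
    -out "${ROOT}/strongswan_ecdsaCert.der"
chmod a+r "${ROOT}/strongswan_ecdsaCert.der"

# generate CRL for strongSwan EC Root CA
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    > "${ROOT}/strongswan_ecdsa.crl"
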
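##
# strongSwan RFC3779 Root CA
# strongswanKey.pem and strongswanCert.pem exist under the same names in
# other CA directories; stop if the cd fails so that this CRL is never
# signed with another CA's key.
cd /etc/ca/rfc3779 || exit 1

# generate CRL for strongSwan RFC3779 Root CA
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    > "${ROOT}/strongswan_rfc3779.crl"
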
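##
# strongSwan SHA3-RSA Root CA
# strongswanKey.pem and strongswanCert.pem exist under the same names in
# other CA directories; stop if the cd fails so that this CRL is never
# signed with another CA's key.
cd /etc/ca/sha3-rsa || exit 1

# generate CRL for strongSwan SHA3-RSA Root CA
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    --digest sha3_256 > "${ROOT}/strongswan_sha3_rsa.crl"
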
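##
# strongSwan Ed25519 Root CA
# strongswanKey.pem and strongswanCert.pem exist under the same names in
# other CA directories; stop if the cd fails so that this CRL is never
# signed with another CA's key.
cd /etc/ca/ed25519 || exit 1

# generate CRL for strongSwan Ed25519 Root CA
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    > "${ROOT}/strongswan_ed25519.crl"
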
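##
# strongSwan Monster Root CA
# strongswanKey.pem and strongswanCert.pem exist under the same names in
# other CA directories; stop if the cd fails so that this CRL is never
# signed with another CA's key.
cd /etc/ca/monster || exit 1

# generate CRL for strongSwan Monster Root CA
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    > "${ROOT}/strongswan_monster.crl"
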
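##
# strongSwan BLISS Root CA
# Stop if the directory is missing; otherwise the redirect below would still
# truncate and publish an empty CRL file.
cd /etc/ca/bliss || exit 1

# generate CRL for strongSwan BLISS Root CA
pki --signcrl --cakey strongswan_blissKey.der --cacert strongswan_blissCert.der \
    --lifetime 30 --digest sha3_512 > "${ROOT}/strongswan_bliss.crl"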