Annotation of embedaddon/strongswan/testing/hosts/winnetou/etc/ca/generate-crl, revision 1.1.1.2
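#!/bin/bash
#
# Publishes CA certificates, CRLs and Hash-and-URL certificate files from
# /etc/ca into the web root of the test CA host.
# NOTE(review): the CA private keys are read on the same host that serves
# ${ROOT}; that fits a testing host, it is not a layout for a production CA.

# Disable strongSwan's leak detective for the pki invocations below.
export LEAK_DETECTIVE_DISABLE=1

ROOT="/var/www"

##
# strongSwan Root CA
# Several CA directories used by this script hold files with the same names
# (strongswanKey.pem, strongswanCert.pem), so a failed cd would sign and
# publish with another CA's key. Stop instead.
cd /etc/ca || exit 1

# copy default web page
cp index.html "${ROOT}"

# copy strongSwan CA certificate
cp strongswanCert.pem "${ROOT}"
cp strongswanCert.der "${ROOT}"

# generate CRL for strongSwan Root CA, carrying over the revocations of the
# previous CRL (--lastcrl)
# NOTE(review): the redirection truncates the published file before pki
# runs, so a failed run leaves an empty CRL in the web root.
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    --lastcrl strongswan.crl > "${ROOT}/strongswan.crl"

# revoke moon's current certificate (serial 03, reason key-compromise) in a
# separate CRL file built on top of the one just published
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    --reason key-compromise --serial 03 \
    --lastcrl "${ROOT}/strongswan.crl" > "${ROOT}/strongswan_moon_revoked.crl"

# generate a base CRL that points at the delta CRL URI, lifetime 30
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    --crluri http://crl.strongswan.org/strongswan_delta.crl \
    --lastcrl strongswan.crl --lifetime 30 > "${ROOT}/strongswan_base.crl"

# generate a delta CRL revoking moon's current cert; it is issued against
# the base CRL above and has the shorter lifetime of the two
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    --basecrl "${ROOT}/strongswan_base.crl" --reason key-compromise \
    --serial 03 --lifetime 15 > "${ROOT}/strongswan_delta.crl"

# generate Hash-and-URL certificates: each certificate is stored in DER form
# under the hex SHA-1 digest of that encoding. SHA-1 is the digest IKEv2
# Hash-and-URL lookups use, so it is fixed by the protocol here.
CERTS_DIR="${ROOT}/certs"
for cert in certs/*
do
  # skip sub-directories and the unexpanded pattern of an empty directory
  [[ -f "${cert}" ]] || continue
  if ! openssl x509 -in "${cert}" -outform der -out "${CERTS_DIR}/cert.der"
  then
    printf 'generate-crl: cannot convert %s to DER\n' "${cert}" >&2
    continue
  fi
  cert_hash=$(sha1sum "${CERTS_DIR}/cert.der" | head -c 40)
  mv -- "${CERTS_DIR}/cert.der" "${CERTS_DIR}/${cert_hash}"
done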
44:
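##
# Research CA
# Stop if the directory is missing: the commands below use relative paths
# and would otherwise run against whatever directory was current before.
cd /etc/ca/research || exit 1

# copy Research CA certificate
cp researchCert.pem "${ROOT}"
cp researchCert.der "${ROOT}"

# generate CRL for Research CA
pki --signcrl --cakey researchKey.pem --cacert researchCert.pem \
    > "${ROOT}/research.crl"

# generate Hash-and-URL certificates: each certificate is stored in DER form
# under the hex SHA-1 digest of that encoding. SHA-1 is the digest IKEv2
# Hash-and-URL lookups use, so it is fixed by the protocol here.
CERTS_DIR="${ROOT}/certs/research"
for cert in certs/*
do
  # skip sub-directories and the unexpanded pattern of an empty directory
  [[ -f "${cert}" ]] || continue
  if ! openssl x509 -in "${cert}" -outform der -out "${CERTS_DIR}/cert.der"
  then
    printf 'generate-crl: cannot convert %s to DER\n' "${cert}" >&2
    continue
  fi
  cert_hash=$(sha1sum "${CERTS_DIR}/cert.der" | head -c 40)
  mv -- "${CERTS_DIR}/cert.der" "${CERTS_DIR}/${cert_hash}"
done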
64:
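##
# Sales CA
# Stop if the directory is missing: the commands below use relative paths
# and would otherwise run against whatever directory was current before.
cd /etc/ca/sales || exit 1

# copy Sales CA certificate
cp salesCert.pem "${ROOT}"
cp salesCert.der "${ROOT}"

# generate CRL for Sales CA
pki --signcrl --cakey salesKey.pem --cacert salesCert.pem \
    > "${ROOT}/sales.crl"

# generate Hash-and-URL certificates: each certificate is stored in DER form
# under the hex SHA-1 digest of that encoding. SHA-1 is the digest IKEv2
# Hash-and-URL lookups use, so it is fixed by the protocol here.
CERTS_DIR="${ROOT}/certs/sales"
for cert in certs/*
do
  # skip sub-directories and the unexpanded pattern of an empty directory
  [[ -f "${cert}" ]] || continue
  if ! openssl x509 -in "${cert}" -outform der -out "${CERTS_DIR}/cert.der"
  then
    printf 'generate-crl: cannot convert %s to DER\n' "${cert}" >&2
    continue
  fi
  cert_hash=$(sha1sum "${CERTS_DIR}/cert.der" | head -c 40)
  mv -- "${CERTS_DIR}/cert.der" "${CERTS_DIR}/${cert_hash}"
done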
84:
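##
# Levels CA and sub-CAs
# Stop if the directory is missing, so that no CRL is signed from the
# directory that was current before.
cd /etc/ca/levels || exit 1

# generate CRLs for Levels CA and sub-CAs; each level signs its own CRL
# with its own key and certificate
pki --signcrl --cakey levelsKey.pem --cacert levelsCert.pem \
    > "${ROOT}/levels.crl"
pki --signcrl --cakey levelsKey_l2.pem --cacert levelsCert_l2.pem \
    > "${ROOT}/levels_l2.crl"
pki --signcrl --cakey levelsKey_l3.pem --cacert levelsCert_l3.pem \
    > "${ROOT}/levels_l3.crl"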
! 96:
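##
# strongSwan EC Root CA
# strongswanKey.pem and strongswanCert.pem also exist for other CAs used by
# this script, so a failed cd would sign with the wrong CA key. Stop instead.
cd /etc/ca/ecdsa || exit 1

# copy ECDSA CA certificate
cp strongswanCert.pem "${ROOT}/strongswan_ecdsaCert.pem"
# The DER file in the web root has to be the certificate. Running
# "openssl ec" on strongswanKey.pem here would serialise the CA private key
# into a world-readable file under ${ROOT}, so convert the certificate.
openssl x509 -in strongswanCert.pem -outform der \
    -out "${ROOT}/strongswan_ecdsaCert.der"
chmod a+r "${ROOT}/strongswan_ecdsaCert.der"

# generate CRL for strongSwan EC Root CA
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    > "${ROOT}/strongswan_ecdsa.crl"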
109:
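##
# strongSwan RFC3779 Root CA
# strongswanKey.pem and strongswanCert.pem also exist for other CAs used by
# this script, so a failed cd would sign with the wrong CA key. Stop instead.
cd /etc/ca/rfc3779 || exit 1

# generate CRL for strongSwan RFC3779 Root CA
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    > "${ROOT}/strongswan_rfc3779.crl"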
117:
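##
# strongSwan SHA3-RSA Root CA
# strongswanKey.pem and strongswanCert.pem also exist for other CAs used by
# this script, so a failed cd would sign with the wrong CA key. Stop instead.
cd /etc/ca/sha3-rsa || exit 1

# generate CRL for strongSwan SHA3-RSA Root CA, signed with a SHA3-256 digest
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    --digest sha3_256 > "${ROOT}/strongswan_sha3_rsa.crl"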
125:
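##
# strongSwan Ed25519 Root CA
# strongswanKey.pem and strongswanCert.pem also exist for other CAs used by
# this script, so a failed cd would sign with the wrong CA key. Stop instead.
cd /etc/ca/ed25519 || exit 1

# generate CRL for strongSwan Ed25519 Root CA
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    > "${ROOT}/strongswan_ed25519.crl"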
133:
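##
# strongSwan Monster Root CA
# strongswanKey.pem and strongswanCert.pem also exist for other CAs used by
# this script, so a failed cd would sign with the wrong CA key. Stop instead.
cd /etc/ca/monster || exit 1

# generate CRL for strongSwan Monster Root CA
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
    > "${ROOT}/strongswan_monster.crl"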
141:
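##
# strongSwan BLISS Root CA
# Stop if the directory is missing, so that pki does not run from the
# directory that was current before and publish its output here.
cd /etc/ca/bliss || exit 1

# generate CRL for strongSwan BLISS Root CA; key and certificate are DER
# files here, the CRL gets lifetime 30 and a SHA3-512 digest
pki --signcrl --cakey strongswan_blissKey.der --cacert strongswan_blissCert.der \
    --lifetime 30 --digest sha3_512 > "${ROOT}/strongswan_bliss.crl"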