- Enhanced the CA generation script and config to further automate different actions

diff --git a/programs/ssl/test-ca/gen_test_ca.sh b/programs/ssl/test-ca/gen_test_ca.sh
index 117b8b2..2e9e7a4 100755
--- a/programs/ssl/test-ca/gen_test_ca.sh
+++ b/programs/ssl/test-ca/gen_test_ca.sh
@@ -4,9 +4,15 @@
 touch index
 echo "01" > serial
 
+PASSWORD=PolarSSLTest
+
 echo "Generating CA"
-openssl req -config sslconf.txt -days 3653 -x509 -newkey rsa:2048 \
-            -set_serial 0 -text -keyout test-ca.key -out test-ca.crt
+cat sslconf.txt > sslconf_use.txt 
+echo "CN=PolarSSL Test CA" >> sslconf_use.txt
+
+openssl req -config sslconf_use.txt -days 3653 -x509 -newkey rsa:2048 \
+            -set_serial 0 -text -keyout test-ca.key -out test-ca.crt \
+	    -passout pass:$PASSWORD
 
 echo "Generating rest"
 openssl genrsa -out server1.key 2048
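Review bot: The CA key passphrase is passed as `-passout pass:$PASSWORD`, which puts it in the process argument list where other local users can read it while openssl runs, and the expansion is unquoted. Since the value is a fixed test credential committed to the repository, the cheapest fix is a comment above `PASSWORD=PolarSSLTest`, such as `# Test-only passphrase; keys and certificates generated here must never be trusted outside the test suite`. If the script is ever reused with a real secret, `export PASSWORD` together with `-passout env:PASSWORD` keeps it out of argv. The same `pass:$PASSWORD` form appears in the signing/revocation hunk and in the PKCS12 hunk.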
@@ -15,21 +21,33 @@
 openssl genrsa -out client2.key 2048
 
 echo "Generating requests"
-openssl req -config sslconf.txt -new -key server1.key -out server1.req
-openssl req -config sslconf.txt -new -key server2.key -out server2.req
-openssl req -config sslconf.txt -new -key client1.key -out client1.req
-openssl req -config sslconf.txt -new -key client2.key -out client2.req
+cat sslconf.txt > sslconf_use.txt 
+echo "CN=PolarSSL Server 1" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key server1.key -out server1.req
+
+cat sslconf.txt > sslconf_use.txt 
+echo "CN=PolarSSL Server 2" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key server2.key -out server2.req
+
+cat sslconf.txt > sslconf_use.txt 
+echo "CN=PolarSSL Client 1" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key client1.key -out client1.req
+
+cat sslconf.txt > sslconf_use.txt 
+echo "CN=PolarSSL Client 2" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key client2.key -out client2.req
 
 echo "Signing requests"
-openssl ca -config sslconf.txt -in server1.req -out server1.crt
-openssl ca -config sslconf.txt -in server2.req -out server2.crt
-openssl ca -config sslconf.txt -in client1.req -out client1.crt
-openssl ca -config sslconf.txt -in client2.req -out client2.crt
+for i in server1 server2 client1 client2;
+do
+  openssl ca -config sslconf.txt -out $i.crt -passin pass:$PASSWORD \
+	-batch -in $i.req
+done
 
 echo "Revoking firsts"
-openssl ca -config sslconf.txt -revoke server1.crt
-openssl ca -config sslconf.txt -revoke client1.crt
-openssl ca -config sslconf.txt -gencrl -out crl.pem
+openssl ca -batch -config sslconf.txt -revoke server1.crt -passin pass:$PASSWORD
+openssl ca -batch -config sslconf.txt -revoke client1.crt -passin pass:$PASSWORD
+openssl ca -batch -config sslconf.txt -gencrl -out crl.pem -passin pass:$PASSWORD
 
 echo "Verifying second"
 openssl x509 -in server2.crt -text -noout
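Review bot: The four request stanzas repeat the same copy, append and `openssl req` sequence with only the key name and CN changing, and none of the steps checks for failure, so a failed `openssl req` would only surface later when `openssl ca -batch` runs (no `set -e` is visible here; the top of the script is outside the diff). A small helper taking the base name and the CN would remove the duplication and give one place to stop on error. In the signing loop, `$i.crt` and `$i.req` are better written quoted, as `"$i.crt"` and `"$i.req"`, even though the list is fixed.

```shell
# Build a per-subject config and create the request for key "$1" with CN "$2".
gen_req() {
  cat sslconf.txt > sslconf_use.txt || exit 1
  echo "CN=$2" >> sslconf_use.txt
  openssl req -config sslconf_use.txt -new -key "$1.key" -out "$1.req" || exit 1
}

gen_req server1 "PolarSSL Server 1"
gen_req server2 "PolarSSL Server 2"
gen_req client1 "PolarSSL Client 1"
gen_req client2 "PolarSSL Client 2"
# … unchanged: signing loop, revocation, CRL generation …
```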
@@ -39,6 +57,6 @@
 
 echo "Generating PKCS12"
 openssl pkcs12 -export -in client2.crt -inkey client2.key \
-                      -out client2.pfx
+                      -out client2.pfx -passout pass:$PASSWORD
 
-rm *.old *.req
+rm *.old *.req sslconf_use.txt
diff --git a/programs/ssl/test-ca/sslconf.txt b/programs/ssl/test-ca/sslconf.txt
index e7901b1..81022d7 100644
--- a/programs/ssl/test-ca/sslconf.txt
+++ b/programs/ssl/test-ca/sslconf.txt
@@ -25,29 +25,14 @@
 x509_extensions         = v3_usr

 

 [ my_policy ]

-countryName             = optional

-stateOrProvinceName     = optional

+countryName             = supplied

 organizationName        = match

-organizationalUnitName  = optional

 commonName              = supplied

-emailAddress            = optional

 

 [ req ]

 distinguished_name      = my_req_dn

 x509_extensions         = v3_ca

-

-[ my_req_dn ]

-countryName             = Country Name..............

-countryName_min         = 2

-countryName_max         = 2

-stateOrProvinceName     = State or Province Name....

-localityName            = Locality Name.............

-0.organizationName      = Organization Name.........

-organizationalUnitName  = Org. Unit Name............

-commonName              = Common Name (required)....

-commonName_max          = 64

-emailAddress            = Email Address.............

-emailAddress_max        = 64

+prompt			= no

 

 [ v3_ca ]

 basicConstraints        = CA:TRUE

@@ -59,3 +44,6 @@
 subjectKeyIdentifier    = hash

 authorityKeyIdentifier  = keyid,issuer

 

+[ my_req_dn ]

+C=NL

+O=PolarSSL
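Review bot: Nothing in the file says why `[ my_req_dn ]` now sits at the end and carries no `CN`. gen_test_ca.sh copies this file and appends a `CN=...` line, which only lands in the right section while `[ my_req_dn ]` stays last. A comment above the section would keep a later edit from silently breaking that, for example `# Must remain the last section: gen_test_ca.sh appends the CN= line to a copy of this file`.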