commit b29e23c5868ad5174f5301275d510182bb87a839
author Paul Bakker <p.j.bakker@polarssl.org> Mon Feb 09 21:06:41 2009 +0000
committer Paul Bakker <p.j.bakker@polarssl.org> Mon Feb 09 21:06:41 2009 +0000
tree 0b1358695e191a00074a6956ab2a352343c363ec
parent 3681b118ec78e1052bec2b271eed8ed3c707b37a

 - Enhanced generation CA script and config to further automate different actions

programs/ssl/test-ca/gen_test_ca.sh

diff --git a/programs/ssl/test-ca/gen_test_ca.sh b/programs/ssl/test-ca/gen_test_ca.sh
index 117b8b2..2e9e7a4 100755
--- a/programs/ssl/test-ca/gen_test_ca.sh
+++ b/programs/ssl/test-ca/gen_test_ca.sh
@@ -4,9 +4,15 @@
 touch index
 echo "01" > serial
 
+PASSWORD=PolarSSLTest
+
 echo "Generating CA"
-openssl req -config sslconf.txt -days 3653 -x509 -newkey rsa:2048 \
-            -set_serial 0 -text -keyout test-ca.key -out test-ca.crt
+cat sslconf.txt > sslconf_use.txt 
+echo "CN=PolarSSL Test CA" >> sslconf_use.txt
+
+openssl req -config sslconf_use.txt -days 3653 -x509 -newkey rsa:2048 \
+            -set_serial 0 -text -keyout test-ca.key -out test-ca.crt \
+	    -passout pass:$PASSWORD
 
 echo "Generating rest"
 openssl genrsa -out server1.key 2048
@@ -15,21 +21,33 @@
 openssl genrsa -out client2.key 2048
 
 echo "Generating requests"
-openssl req -config sslconf.txt -new -key server1.key -out server1.req
-openssl req -config sslconf.txt -new -key server2.key -out server2.req
-openssl req -config sslconf.txt -new -key client1.key -out client1.req
-openssl req -config sslconf.txt -new -key client2.key -out client2.req
+cat sslconf.txt > sslconf_use.txt 
+echo "CN=PolarSSL Server 1" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key server1.key -out server1.req
+
+cat sslconf.txt > sslconf_use.txt 
+echo "CN=PolarSSL Server 2" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key server2.key -out server2.req
+
+cat sslconf.txt > sslconf_use.txt 
+echo "CN=PolarSSL Client 1" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key client1.key -out client1.req
+
+cat sslconf.txt > sslconf_use.txt 
+echo "CN=PolarSSL Client 2" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key client2.key -out client2.req
 
 echo "Signing requests"
-openssl ca -config sslconf.txt -in server1.req -out server1.crt
-openssl ca -config sslconf.txt -in server2.req -out server2.crt
-openssl ca -config sslconf.txt -in client1.req -out client1.crt
-openssl ca -config sslconf.txt -in client2.req -out client2.crt
+for i in server1 server2 client1 client2;
+do
+  openssl ca -config sslconf.txt -out $i.crt -passin pass:$PASSWORD \
+	-batch -in $i.req
+done
 
 echo "Revoking firsts"
-openssl ca -config sslconf.txt -revoke server1.crt
-openssl ca -config sslconf.txt -revoke client1.crt
-openssl ca -config sslconf.txt -gencrl -out crl.pem
+openssl ca -batch -config sslconf.txt -revoke server1.crt -passin pass:$PASSWORD
+openssl ca -batch -config sslconf.txt -revoke client1.crt -passin pass:$PASSWORD
+openssl ca -batch -config sslconf.txt -gencrl -out crl.pem -passin pass:$PASSWORD
 
 echo "Verifying second"
 openssl x509 -in server2.crt -text -noout
@@ -39,6 +57,6 @@
 
 echo "Generating PKCS12"
 openssl pkcs12 -export -in client2.crt -inkey client2.key \
-                      -out client2.pfx
+                      -out client2.pfx -passout pass:$PASSWORD
 
-rm *.old *.req
+rm *.old *.req sslconf_use.txt