Blame - programs/ssl/test-ca/gen_test_ca.sh - mirror/mbed-tls

blob: 65cf9aa51d69976fcd55d25105caf9c0aef75595 [file] [log] [blame]

Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	1	#!/bin/sh
				2	rm -rf index newcerts/.pem serial .req .key .crt crl.prm
				3
				4	touch index
				5	echo "01" > serial
				6
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	7	PASSWORD=PolarSSLTest
				8
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	9	echo "Generating CA"
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	10	cat sslconf.txt > sslconf_use.txt
				11	echo "CN=PolarSSL Test CA" >> sslconf_use.txt
				12
				13	openssl req -config sslconf_use.txt -days 3653 -x509 -newkey rsa:2048 \
				14	-set_serial 0 -text -keyout test-ca.key -out test-ca.crt \
				15	-passout pass:$PASSWORD
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	16
				17	echo "Generating rest"
				18	openssl genrsa -out server1.key 2048
				19	openssl genrsa -out server2.key 2048
				20	openssl genrsa -out client1.key 2048
				21	openssl genrsa -out client2.key 2048
Paul Bakker	e23166f	2009-07-12 11:00:06 +0000	[diff] [blame]	22	openssl genrsa -out cert_digest.key 2048
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	23
				24	echo "Generating requests"
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	25	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Server 1" >> sslconf_use.txt
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	26	openssl req -config sslconf_use.txt -new -key server1.key -out server1.req
				27
Paul Bakker	92f880b	2009-02-10 22:17:38 +0000	[diff] [blame]	28	cat sslconf.txt > sslconf_use.txt;echo "CN=localhost" >> sslconf_use.txt
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	29	openssl req -config sslconf_use.txt -new -key server2.key -out server2.req
				30
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	31	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Client 1" >> sslconf_use.txt
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	32	openssl req -config sslconf_use.txt -new -key client1.key -out client1.req
				33
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	34	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Client 2" >> sslconf_use.txt
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	35	openssl req -config sslconf_use.txt -new -key client2.key -out client2.req
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	36
Paul Bakker	e23166f	2009-07-12 11:00:06 +0000	[diff] [blame]	37	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert MD2" >> sslconf_use.txt
				38	openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_md2.req -md2
				39
				40	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert MD4" >> sslconf_use.txt
				41	openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_md4.req -md4
				42
				43	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert MD5" >> sslconf_use.txt
				44	openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_md5.req -md5
				45
				46	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA1" >> sslconf_use.txt
				47	openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha1.req -sha1
				48
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	49	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA224" >> sslconf_use.txt
Paul Bakker	e23166f	2009-07-12 11:00:06 +0000	[diff] [blame]	50	openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha224.req -sha224
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	51
				52	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA256" >> sslconf_use.txt
Paul Bakker	e23166f	2009-07-12 11:00:06 +0000	[diff] [blame]	53	openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha256.req -sha256
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	54
				55	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA384" >> sslconf_use.txt
Paul Bakker	e23166f	2009-07-12 11:00:06 +0000	[diff] [blame]	56	openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha384.req -sha384
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	57
				58	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA512" >> sslconf_use.txt
Paul Bakker	e23166f	2009-07-12 11:00:06 +0000	[diff] [blame]	59	openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha512.req -sha512
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	60
Paul Bakker	a8cd239	2012-02-11 16:09:32 +0000	[diff] [blame]	61	cat sslconf.txt > sslconf_use.txt;echo "CN=*.example.com" >> sslconf_use.txt
				62	openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_example_wildcard.req
				63
Paul Bakker	a8cd239	2012-02-11 16:09:32 +0000	[diff] [blame]	64	cat sslconf.txt > sslconf_use.txt;echo "CN=www.example.com" >> sslconf_use.txt
				65	echo "[ v3_req ]" >> sslconf_use.txt
Paul Bakker	4d2c124	2012-05-10 14:12:46 +0000	[diff] [blame]	66	echo "subjectAltName = \"DNS:example.com,DNS:example.net,DNS:*.example.org\"" >> sslconf_use.txt
Paul Bakker	a8cd239	2012-02-11 16:09:32 +0000	[diff] [blame]	67	openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_example_multi.req -reqexts "v3_req"
				68
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	69	echo "Signing requests"
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	70	for i in server1 server2 client1 client2;
				71	do
				72	openssl ca -config sslconf.txt -out $i.crt -passin pass:$PASSWORD \
				73	-batch -in $i.req
				74	done
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	75
Paul Bakker	e23166f	2009-07-12 11:00:06 +0000	[diff] [blame]	76	for i in md2 md4 md5 sha1 sha224 sha256 sha384 sha512;
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	77	do
Paul Bakker	e23166f	2009-07-12 11:00:06 +0000	[diff] [blame]	78	openssl ca -config sslconf.txt -out cert_$i.crt -passin pass:$PASSWORD \
				79	-batch -in cert_$i.req -md $i
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	80	done
				81
Paul Bakker	57b1298	2012-02-11 17:38:38 +0000	[diff] [blame]	82	for i in example_wildcard example_multi;
Paul Bakker	a8cd239	2012-02-11 16:09:32 +0000	[diff] [blame]	83	do
				84	openssl ca -config sslconf.txt -out cert_$i.crt -passin pass:$PASSWORD \
				85	-batch -in cert_$i.req
				86	done
				87
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	88	echo "Revoking firsts"
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	89	openssl ca -batch -config sslconf.txt -revoke server1.crt -passin pass:$PASSWORD
				90	openssl ca -batch -config sslconf.txt -revoke client1.crt -passin pass:$PASSWORD
				91	openssl ca -batch -config sslconf.txt -gencrl -out crl.pem -passin pass:$PASSWORD
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	92
Paul Bakker	5d4a193	2009-07-19 20:31:02 +0000	[diff] [blame]	93	for i in md2 md4 md5 sha1 sha224 sha256 sha384 sha512;
				94	do
				95	openssl ca -batch -config sslconf.txt -gencrl -out crl_$i.pem -md $i -passin pass:$PASSWORD
				96	done
				97
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	98	echo "Verifying second"
				99	openssl x509 -in server2.crt -text -noout
				100	cat test-ca.crt crl.pem > ca_crl.pem
				101	openssl verify -CAfile ca_crl.pem -crl_check server2.crt
				102	rm ca_crl.pem
				103
				104	echo "Generating PKCS12"
				105	openssl pkcs12 -export -in client2.crt -inkey client2.key \
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	106	-out client2.pfx -passout pass:$PASSWORD
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	107
Paul Bakker	92101f2	2012-02-16 14:09:31 +0000	[diff] [blame]	108	rm *.old sslconf_use.txt