Blame - programs/ssl/test-ca/gen_test_ca.sh - mirror/mbed-tls

blob: 1b9136a935dcf98332c6240ed0acf2d317fa004b [file] [log] [blame]

Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	1	#!/bin/sh
				2	rm -rf index newcerts/.pem serial .req .key .crt crl.prm
				3
				4	touch index
				5	echo "01" > serial
				6
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	7	PASSWORD=PolarSSLTest
				8
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	9	echo "Generating CA"
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	10	cat sslconf.txt > sslconf_use.txt
				11	echo "CN=PolarSSL Test CA" >> sslconf_use.txt
				12
				13	openssl req -config sslconf_use.txt -days 3653 -x509 -newkey rsa:2048 \
				14	-set_serial 0 -text -keyout test-ca.key -out test-ca.crt \
				15	-passout pass:$PASSWORD
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	16
				17	echo "Generating rest"
				18	openssl genrsa -out server1.key 2048
				19	openssl genrsa -out server2.key 2048
				20	openssl genrsa -out client1.key 2048
				21	openssl genrsa -out client2.key 2048
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	22	openssl genrsa -out cert_sha224.key 2048
				23	openssl genrsa -out cert_sha256.key 2048
				24	openssl genrsa -out cert_sha384.key 2048
				25	openssl genrsa -out cert_sha512.key 2048
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	26
				27	echo "Generating requests"
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	28	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Server 1" >> sslconf_use.txt
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	29	openssl req -config sslconf_use.txt -new -key server1.key -out server1.req
				30
Paul Bakker	92f880b	2009-02-10 22:17:38 +0000	[diff] [blame]	31	cat sslconf.txt > sslconf_use.txt;echo "CN=localhost" >> sslconf_use.txt
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	32	openssl req -config sslconf_use.txt -new -key server2.key -out server2.req
				33
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	34	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Client 1" >> sslconf_use.txt
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	35	openssl req -config sslconf_use.txt -new -key client1.key -out client1.req
				36
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	37	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Client 2" >> sslconf_use.txt
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	38	openssl req -config sslconf_use.txt -new -key client2.key -out client2.req
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	39
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	40	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA224" >> sslconf_use.txt
				41	openssl req -config sslconf_use.txt -new -key cert_sha224.key -out cert_sha224.req -sha224
				42
				43	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA256" >> sslconf_use.txt
				44	openssl req -config sslconf_use.txt -new -key cert_sha256.key -out cert_sha256.req -sha256
				45
				46	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA384" >> sslconf_use.txt
				47	openssl req -config sslconf_use.txt -new -key cert_sha384.key -out cert_sha384.req -sha384
				48
				49	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA512" >> sslconf_use.txt
				50	openssl req -config sslconf_use.txt -new -key cert_sha512.key -out cert_sha512.req -sha512
				51
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	52	echo "Signing requests"
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	53	for i in server1 server2 client1 client2;
				54	do
				55	openssl ca -config sslconf.txt -out $i.crt -passin pass:$PASSWORD \
				56	-batch -in $i.req
				57	done
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	58
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	59	for i in 224 256 384 512;
				60	do
				61	openssl ca -config sslconf.txt -out cert_sha$i.crt -passin pass:$PASSWORD \
				62	-batch -in cert_sha$i.req -md sha$i
				63	done
				64
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	65	echo "Revoking firsts"
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	66	openssl ca -batch -config sslconf.txt -revoke server1.crt -passin pass:$PASSWORD
				67	openssl ca -batch -config sslconf.txt -revoke client1.crt -passin pass:$PASSWORD
				68	openssl ca -batch -config sslconf.txt -gencrl -out crl.pem -passin pass:$PASSWORD
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	69
				70	echo "Verifying second"
				71	openssl x509 -in server2.crt -text -noout
				72	cat test-ca.crt crl.pem > ca_crl.pem
				73	openssl verify -CAfile ca_crl.pem -crl_check server2.crt
				74	rm ca_crl.pem
				75
				76	echo "Generating PKCS12"
				77	openssl pkcs12 -export -in client2.crt -inkey client2.key \
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	78	-out client2.pfx -passout pass:$PASSWORD
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	79
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	80	rm .old .req sslconf_use.txt