TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / a8cd239d6ba4d34fea5f5afc374eebee6de30f6b / . / programs / ssl / test-ca / gen_test_ca.sh
blob: 0c096528fbcc3da0ed0cd6a316719b75df1aff2f [file] [log] [blame]
Paul Bakkerb159ed22009-01-14 22:39:57 +0000[diff] [blame]1#!/bin/sh
2rm -rf index newcerts/*.pem serial *.req *.key *.crt crl.prm
3
4touch index
5echo "01" > serial
6
Paul Bakkerb29e23c2009-02-09 21:06:41 +0000[diff] [blame]7PASSWORD=PolarSSLTest
8
Paul Bakkerb159ed22009-01-14 22:39:57 +0000[diff] [blame]9echo "Generating CA"
Paul Bakkerb29e23c2009-02-09 21:06:41 +0000[diff] [blame]10cat sslconf.txt > sslconf_use.txt
11echo "CN=PolarSSL Test CA" >> sslconf_use.txt
12
13openssl req -config sslconf_use.txt -days 3653 -x509 -newkey rsa:2048 \
14 -set_serial 0 -text -keyout test-ca.key -out test-ca.crt \
15 -passout pass:$PASSWORD
Paul Bakkerb159ed22009-01-14 22:39:57 +0000[diff] [blame]16
17echo "Generating rest"
18openssl genrsa -out server1.key 2048
19openssl genrsa -out server2.key 2048
20openssl genrsa -out client1.key 2048
21openssl genrsa -out client2.key 2048
Paul Bakkere23166f2009-07-12 11:00:06 +0000[diff] [blame]22openssl genrsa -out cert_digest.key 2048
Paul Bakkerb159ed22009-01-14 22:39:57 +0000[diff] [blame]23
24echo "Generating requests"
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]25cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Server 1" >> sslconf_use.txt
Paul Bakkerb29e23c2009-02-09 21:06:41 +0000[diff] [blame]26openssl req -config sslconf_use.txt -new -key server1.key -out server1.req
27
Paul Bakker92f880b2009-02-10 22:17:38 +0000[diff] [blame]28cat sslconf.txt > sslconf_use.txt;echo "CN=localhost" >> sslconf_use.txt
Paul Bakkerb29e23c2009-02-09 21:06:41 +0000[diff] [blame]29openssl req -config sslconf_use.txt -new -key server2.key -out server2.req
30
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]31cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Client 1" >> sslconf_use.txt
Paul Bakkerb29e23c2009-02-09 21:06:41 +0000[diff] [blame]32openssl req -config sslconf_use.txt -new -key client1.key -out client1.req
33
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]34cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Client 2" >> sslconf_use.txt
Paul Bakkerb29e23c2009-02-09 21:06:41 +0000[diff] [blame]35openssl req -config sslconf_use.txt -new -key client2.key -out client2.req
Paul Bakkerb159ed22009-01-14 22:39:57 +0000[diff] [blame]36
Paul Bakkere23166f2009-07-12 11:00:06 +0000[diff] [blame]37cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert MD2" >> sslconf_use.txt
38openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_md2.req -md2
39
40cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert MD4" >> sslconf_use.txt
41openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_md4.req -md4
42
43cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert MD5" >> sslconf_use.txt
44openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_md5.req -md5
45
46cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA1" >> sslconf_use.txt
47openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha1.req -sha1
48
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]49cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA224" >> sslconf_use.txt
Paul Bakkere23166f2009-07-12 11:00:06 +0000[diff] [blame]50openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha224.req -sha224
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]51
52cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA256" >> sslconf_use.txt
Paul Bakkere23166f2009-07-12 11:00:06 +0000[diff] [blame]53openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha256.req -sha256
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]54
55cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA384" >> sslconf_use.txt
Paul Bakkere23166f2009-07-12 11:00:06 +0000[diff] [blame]56openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha384.req -sha384
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]57
58cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA512" >> sslconf_use.txt
Paul Bakkere23166f2009-07-12 11:00:06 +0000[diff] [blame]59openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha512.req -sha512
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]60
Paul Bakkera8cd2392012-02-11 16:09:32 +0000[diff] [blame^]61cat sslconf.txt > sslconf_use.txt;echo "CN=*.example.com" >> sslconf_use.txt
62openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_example_wildcard.req
63
64cat sslconf.txt > sslconf_use.txt;echo "CN=example.com" >> sslconf_use.txt
65openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_example.req
66
67cat sslconf.txt > sslconf_use.txt;echo "CN=www.example.com" >> sslconf_use.txt
68openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_example_www.req
69
70cat sslconf.txt > sslconf_use.txt;echo "CN=www.example.com" >> sslconf_use.txt
71echo "[ v3_req ]" >> sslconf_use.txt
72echo "subjectAltName = \"DNS:www.example.com,DNS:example.com,DNS:example.net\"" >> sslconf_use.txt
73openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_example_multi.req -reqexts "v3_req"
74
Paul Bakkerb159ed22009-01-14 22:39:57 +0000[diff] [blame]75echo "Signing requests"
Paul Bakkerb29e23c2009-02-09 21:06:41 +0000[diff] [blame]76for i in server1 server2 client1 client2;
77do
78 openssl ca -config sslconf.txt -out $i.crt -passin pass:$PASSWORD \
79 -batch -in $i.req
80done
Paul Bakkerb159ed22009-01-14 22:39:57 +0000[diff] [blame]81
Paul Bakkere23166f2009-07-12 11:00:06 +0000[diff] [blame]82for i in md2 md4 md5 sha1 sha224 sha256 sha384 sha512;
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]83do
Paul Bakkere23166f2009-07-12 11:00:06 +0000[diff] [blame]84 openssl ca -config sslconf.txt -out cert_$i.crt -passin pass:$PASSWORD \
85 -batch -in cert_$i.req -md $i
Paul Bakker4593aea2009-02-09 22:32:35 +0000[diff] [blame]86done
87
Paul Bakkera8cd2392012-02-11 16:09:32 +0000[diff] [blame^]88for i in example_wildcard example example_www example_multi;
89do
90 openssl ca -config sslconf.txt -out cert_$i.crt -passin pass:$PASSWORD \
91 -batch -in cert_$i.req
92done
93
Paul Bakkerb159ed22009-01-14 22:39:57 +0000[diff] [blame]94echo "Revoking firsts"
Paul Bakkerb29e23c2009-02-09 21:06:41 +0000[diff] [blame]95openssl ca -batch -config sslconf.txt -revoke server1.crt -passin pass:$PASSWORD
96openssl ca -batch -config sslconf.txt -revoke client1.crt -passin pass:$PASSWORD
97openssl ca -batch -config sslconf.txt -gencrl -out crl.pem -passin pass:$PASSWORD
Paul Bakkerb159ed22009-01-14 22:39:57 +0000[diff] [blame]98
Paul Bakker5d4a1932009-07-19 20:31:02 +0000[diff] [blame]99for i in md2 md4 md5 sha1 sha224 sha256 sha384 sha512;
100do
101 openssl ca -batch -config sslconf.txt -gencrl -out crl_$i.pem -md $i -passin pass:$PASSWORD
102done
103
Paul Bakkerb159ed22009-01-14 22:39:57 +0000[diff] [blame]104echo "Verifying second"
105openssl x509 -in server2.crt -text -noout
106cat test-ca.crt crl.pem > ca_crl.pem
107openssl verify -CAfile ca_crl.pem -crl_check server2.crt
108rm ca_crl.pem
109
110echo "Generating PKCS12"
111openssl pkcs12 -export -in client2.crt -inkey client2.key \
Paul Bakkerb29e23c2009-02-09 21:06:41 +0000[diff] [blame]112 -out client2.pfx -passout pass:$PASSWORD
Paul Bakkerb159ed22009-01-14 22:39:57 +0000[diff] [blame]113
Paul Bakkerb29e23c2009-02-09 21:06:41 +0000[diff] [blame]114rm *.old *.req sslconf_use.txt