blob: 117b8b2f72c62d0f4c907367ebd445c2207e3cd3 [file] [log] [blame]
Paul Bakkerb159ed22009-01-14 22:39:57 +00001#!/bin/sh
2rm -rf index newcerts/*.pem serial *.req *.key *.crt crl.prm
3
4touch index
5echo "01" > serial
6
7echo "Generating CA"
8openssl req -config sslconf.txt -days 3653 -x509 -newkey rsa:2048 \
9 -set_serial 0 -text -keyout test-ca.key -out test-ca.crt
10
11echo "Generating rest"
12openssl genrsa -out server1.key 2048
13openssl genrsa -out server2.key 2048
14openssl genrsa -out client1.key 2048
15openssl genrsa -out client2.key 2048
16
17echo "Generating requests"
18openssl req -config sslconf.txt -new -key server1.key -out server1.req
19openssl req -config sslconf.txt -new -key server2.key -out server2.req
20openssl req -config sslconf.txt -new -key client1.key -out client1.req
21openssl req -config sslconf.txt -new -key client2.key -out client2.req
22
23echo "Signing requests"
24openssl ca -config sslconf.txt -in server1.req -out server1.crt
25openssl ca -config sslconf.txt -in server2.req -out server2.crt
26openssl ca -config sslconf.txt -in client1.req -out client1.crt
27openssl ca -config sslconf.txt -in client2.req -out client2.crt
28
29echo "Revoking firsts"
30openssl ca -config sslconf.txt -revoke server1.crt
31openssl ca -config sslconf.txt -revoke client1.crt
32openssl ca -config sslconf.txt -gencrl -out crl.pem
33
34echo "Verifying second"
35openssl x509 -in server2.crt -text -noout
36cat test-ca.crt crl.pem > ca_crl.pem
37openssl verify -CAfile ca_crl.pem -crl_check server2.crt
38rm ca_crl.pem
39
40echo "Generating PKCS12"
41openssl pkcs12 -export -in client2.crt -inkey client2.key \
42 -out client2.pfx
43
44rm *.old *.req