Paul Bakker | b159ed2 | 2009-01-14 22:39:57 +0000 | [diff] [blame] | 1 | #!/bin/sh |
| 2 | rm -rf index newcerts/*.pem serial *.req *.key *.crt crl.prm |
| 3 | |
| 4 | touch index |
| 5 | echo "01" > serial |
| 6 | |
| 7 | echo "Generating CA" |
| 8 | openssl req -config sslconf.txt -days 3653 -x509 -newkey rsa:2048 \ |
| 9 | -set_serial 0 -text -keyout test-ca.key -out test-ca.crt |
| 10 | |
| 11 | echo "Generating rest" |
| 12 | openssl genrsa -out server1.key 2048 |
| 13 | openssl genrsa -out server2.key 2048 |
| 14 | openssl genrsa -out client1.key 2048 |
| 15 | openssl genrsa -out client2.key 2048 |
| 16 | |
| 17 | echo "Generating requests" |
| 18 | openssl req -config sslconf.txt -new -key server1.key -out server1.req |
| 19 | openssl req -config sslconf.txt -new -key server2.key -out server2.req |
| 20 | openssl req -config sslconf.txt -new -key client1.key -out client1.req |
| 21 | openssl req -config sslconf.txt -new -key client2.key -out client2.req |
| 22 | |
| 23 | echo "Signing requests" |
| 24 | openssl ca -config sslconf.txt -in server1.req -out server1.crt |
| 25 | openssl ca -config sslconf.txt -in server2.req -out server2.crt |
| 26 | openssl ca -config sslconf.txt -in client1.req -out client1.crt |
| 27 | openssl ca -config sslconf.txt -in client2.req -out client2.crt |
| 28 | |
| 29 | echo "Revoking firsts" |
| 30 | openssl ca -config sslconf.txt -revoke server1.crt |
| 31 | openssl ca -config sslconf.txt -revoke client1.crt |
| 32 | openssl ca -config sslconf.txt -gencrl -out crl.pem |
| 33 | |
| 34 | echo "Verifying second" |
| 35 | openssl x509 -in server2.crt -text -noout |
| 36 | cat test-ca.crt crl.pem > ca_crl.pem |
| 37 | openssl verify -CAfile ca_crl.pem -crl_check server2.crt |
| 38 | rm ca_crl.pem |
| 39 | |
| 40 | echo "Generating PKCS12" |
| 41 | openssl pkcs12 -export -in client2.crt -inkey client2.key \ |
| 42 | -out client2.pfx |
| 43 | |
| 44 | rm *.old *.req |