Blame - programs/ssl/test-ca/gen_test_ca.sh - mirror/mbed-tls

blob: 2e9e7a420890b5003685b1b4697af257575341c7 [file] [log] [blame]

Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	1	#!/bin/sh
				2	rm -rf index newcerts/.pem serial .req .key .crt crl.prm
				3
				4	touch index
				5	echo "01" > serial
				6
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame^]	7	PASSWORD=PolarSSLTest
				8
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	9	echo "Generating CA"
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame^]	10	cat sslconf.txt > sslconf_use.txt
				11	echo "CN=PolarSSL Test CA" >> sslconf_use.txt
				12
				13	openssl req -config sslconf_use.txt -days 3653 -x509 -newkey rsa:2048 \
				14	-set_serial 0 -text -keyout test-ca.key -out test-ca.crt \
				15	-passout pass:$PASSWORD
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	16
				17	echo "Generating rest"
				18	openssl genrsa -out server1.key 2048
				19	openssl genrsa -out server2.key 2048
				20	openssl genrsa -out client1.key 2048
				21	openssl genrsa -out client2.key 2048
				22
				23	echo "Generating requests"
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame^]	24	cat sslconf.txt > sslconf_use.txt
				25	echo "CN=PolarSSL Server 1" >> sslconf_use.txt
				26	openssl req -config sslconf_use.txt -new -key server1.key -out server1.req
				27
				28	cat sslconf.txt > sslconf_use.txt
				29	echo "CN=PolarSSL Server 2" >> sslconf_use.txt
				30	openssl req -config sslconf_use.txt -new -key server2.key -out server2.req
				31
				32	cat sslconf.txt > sslconf_use.txt
				33	echo "CN=PolarSSL Client 1" >> sslconf_use.txt
				34	openssl req -config sslconf_use.txt -new -key client1.key -out client1.req
				35
				36	cat sslconf.txt > sslconf_use.txt
				37	echo "CN=PolarSSL Client 2" >> sslconf_use.txt
				38	openssl req -config sslconf_use.txt -new -key client2.key -out client2.req
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	39
				40	echo "Signing requests"
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame^]	41	for i in server1 server2 client1 client2;
				42	do
				43	openssl ca -config sslconf.txt -out $i.crt -passin pass:$PASSWORD \
				44	-batch -in $i.req
				45	done
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	46
				47	echo "Revoking firsts"
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame^]	48	openssl ca -batch -config sslconf.txt -revoke server1.crt -passin pass:$PASSWORD
				49	openssl ca -batch -config sslconf.txt -revoke client1.crt -passin pass:$PASSWORD
				50	openssl ca -batch -config sslconf.txt -gencrl -out crl.pem -passin pass:$PASSWORD
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	51
				52	echo "Verifying second"
				53	openssl x509 -in server2.crt -text -noout
				54	cat test-ca.crt crl.pem > ca_crl.pem
				55	openssl verify -CAfile ca_crl.pem -crl_check server2.crt
				56	rm ca_crl.pem
				57
				58	echo "Generating PKCS12"
				59	openssl pkcs12 -export -in client2.crt -inkey client2.key \
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame^]	60	-out client2.pfx -passout pass:$PASSWORD
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	61
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame^]	62	rm .old .req sslconf_use.txt