Blame - programs/ssl/test-ca/gen_test_ca.sh - mirror/mbed-tls

blob: ab803378bd5bc6d082f18ecd02387fec24fe594a [file] [log] [blame]

Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	1	#!/bin/sh
				2	rm -rf index newcerts/.pem serial .req .key .crt crl.prm
				3
				4	touch index
				5	echo "01" > serial
				6
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	7	PASSWORD=PolarSSLTest
				8
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	9	echo "Generating CA"
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	10	cat sslconf.txt > sslconf_use.txt
				11	echo "CN=PolarSSL Test CA" >> sslconf_use.txt
				12
				13	openssl req -config sslconf_use.txt -days 3653 -x509 -newkey rsa:2048 \
				14	-set_serial 0 -text -keyout test-ca.key -out test-ca.crt \
				15	-passout pass:$PASSWORD
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	16
				17	echo "Generating rest"
				18	openssl genrsa -out server1.key 2048
				19	openssl genrsa -out server2.key 2048
				20	openssl genrsa -out client1.key 2048
				21	openssl genrsa -out client2.key 2048
Paul Bakker	e23166f	2009-07-12 11:00:06 +0000	[diff] [blame^]	22	openssl genrsa -out cert_digest.key 2048
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	23
				24	echo "Generating requests"
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	25	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Server 1" >> sslconf_use.txt
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	26	openssl req -config sslconf_use.txt -new -key server1.key -out server1.req
				27
Paul Bakker	92f880b	2009-02-10 22:17:38 +0000	[diff] [blame]	28	cat sslconf.txt > sslconf_use.txt;echo "CN=localhost" >> sslconf_use.txt
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	29	openssl req -config sslconf_use.txt -new -key server2.key -out server2.req
				30
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	31	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Client 1" >> sslconf_use.txt
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	32	openssl req -config sslconf_use.txt -new -key client1.key -out client1.req
				33
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	34	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Client 2" >> sslconf_use.txt
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	35	openssl req -config sslconf_use.txt -new -key client2.key -out client2.req
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	36
Paul Bakker	e23166f	2009-07-12 11:00:06 +0000	[diff] [blame^]	37	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert MD2" >> sslconf_use.txt
				38	openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_md2.req -md2
				39
				40	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert MD4" >> sslconf_use.txt
				41	openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_md4.req -md4
				42
				43	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert MD5" >> sslconf_use.txt
				44	openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_md5.req -md5
				45
				46	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA1" >> sslconf_use.txt
				47	openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha1.req -sha1
				48
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	49	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA224" >> sslconf_use.txt
Paul Bakker	e23166f	2009-07-12 11:00:06 +0000	[diff] [blame^]	50	openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha224.req -sha224
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	51
				52	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA256" >> sslconf_use.txt
Paul Bakker	e23166f	2009-07-12 11:00:06 +0000	[diff] [blame^]	53	openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha256.req -sha256
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	54
				55	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA384" >> sslconf_use.txt
Paul Bakker	e23166f	2009-07-12 11:00:06 +0000	[diff] [blame^]	56	openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha384.req -sha384
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	57
				58	cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA512" >> sslconf_use.txt
Paul Bakker	e23166f	2009-07-12 11:00:06 +0000	[diff] [blame^]	59	openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha512.req -sha512
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	60
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	61	echo "Signing requests"
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	62	for i in server1 server2 client1 client2;
				63	do
				64	openssl ca -config sslconf.txt -out $i.crt -passin pass:$PASSWORD \
				65	-batch -in $i.req
				66	done
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	67
Paul Bakker	e23166f	2009-07-12 11:00:06 +0000	[diff] [blame^]	68	for i in md2 md4 md5 sha1 sha224 sha256 sha384 sha512;
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	69	do
Paul Bakker	e23166f	2009-07-12 11:00:06 +0000	[diff] [blame^]	70	openssl ca -config sslconf.txt -out cert_$i.crt -passin pass:$PASSWORD \
				71	-batch -in cert_$i.req -md $i
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	72	done
				73
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	74	echo "Revoking firsts"
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	75	openssl ca -batch -config sslconf.txt -revoke server1.crt -passin pass:$PASSWORD
				76	openssl ca -batch -config sslconf.txt -revoke client1.crt -passin pass:$PASSWORD
				77	openssl ca -batch -config sslconf.txt -gencrl -out crl.pem -passin pass:$PASSWORD
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	78
				79	echo "Verifying second"
				80	openssl x509 -in server2.crt -text -noout
				81	cat test-ca.crt crl.pem > ca_crl.pem
				82	openssl verify -CAfile ca_crl.pem -crl_check server2.crt
				83	rm ca_crl.pem
				84
				85	echo "Generating PKCS12"
				86	openssl pkcs12 -export -in client2.crt -inkey client2.key \
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	87	-out client2.pfx -passout pass:$PASSWORD
Paul Bakker	b159ed2	2009-01-14 22:39:57 +0000	[diff] [blame]	88
Paul Bakker	b29e23c	2009-02-09 21:06:41 +0000	[diff] [blame]	89	rm .old .req sslconf_use.txt