rem Option dispatch for the key generator. This listing is an excerpt: its own
rem line numbers skip, so the labels these gotos target are not shown here.
rem TEMP_DOMAIN_NAME is cleared up front because the FQDN guess later tests
rem "if defined TEMP_DOMAIN_NAME"; an inherited value would otherwise be used.
8 set TEMP_DOMAIN_NAME=
\r
rem PARAM is set on lines not shown; presumably it mirrors the current
rem argument, so an undefined PARAM ends option processing - confirm.
15 if not defined PARAM goto opt_end
\r
rem NOTE(review): %1 is compared unquoted in the four tests below. An argument
rem containing spaces or cmd metacharacters is parsed as syntax rather than
rem data; comparing "%~1"=="-h" would keep the argument inert.
rem -h: host name for the certificate (per the usage text).
16 if %1==-h goto opt_fqdn
\r
rem -e: entityID to embed in the certificate (per the usage text).
17 if %1==-e goto opt_entityid
\r
rem -y: number of years the certificate is issued for (per the usage text).
18 if %1==-y goto opt_years
\r
rem -f: force recreation of an existing key pair (per the "already exist" hint).
19 if %1==-f goto opt_force
\r
rem Never overwrite an existing key or certificate silently: if either file is
rem present, jump to "protect" (presumably the section that prints the hint to
rem use -f, listing lines 54-55).
23 if exist "%PREFIX%sp-key.pem" goto protect
\r
24 if exist "%PREFIX%sp-cert.pem" goto protect
\r
rem Default lifetime is 10 years unless YEARS was already set.
26 if not defined YEARS set YEARS=10
\r
rem Lifetime in days is YEARS*365; leap days are not counted.
rem NOTE(review): %YEARS% is expanded textually before set /a evaluates it, so
rem a non-numeric value is treated as an expression instead of being rejected.
rem Validate it as a positive integer first. Ten years is also a long life for
rem a private key that is stored unencrypted (encrypt_key=no in the config).
27 set /a DAYS=%YEARS%*365
\r
rem No host name supplied: go guess one. The guess_fqdn label itself is not in
rem this excerpt; presumably it heads listing lines 87-96.
29 if not defined FQDN goto guess_fqdn
\r
rem Write a throw-away OpenSSL "req" configuration and create a self-signed
rem certificate plus private key from it.
rem PATH is replaced, not extended: only the package's lib and bin directories
rem remain, presumably so openssl.exe loads the DLLs shipped with it. Commands
rem run after this line no longer search the system directories.
32 set PATH=%PREFIX%..\..\lib;%PREFIX%..\..\bin
\r
rem CNF holds the config path including its quotes, so the redirections below
rem tolerate spaces in PREFIX.
33 set CNF="%PREFIX%sp-cert.cnf"
\r
rem First write uses ">" and so truncates any previous config file.
34 echo # OpenSSL configuration file for creating sp-cert.pem >%CNF%
\r
rem prompt=no: take the subject from the file instead of asking interactively.
36 echo prompt=no >>%CNF%
\r
rem 2048-bit key. The key type is not set on the visible lines, so the default
rem of "openssl req" applies.
37 echo default_bits=2048 >>%CNF%
\r
rem SECURITY: the private key is written without a passphrase. Its only
rem protection is the file-system ACL on sp-key.pem.
38 echo encrypt_key=no >>%CNF%
\r
rem NOTE(review): the certificate's self-signature uses SHA-1, a deprecated
rem digest; default_md also accepts sha256. Relying parties that take the key
rem from metadata may never evaluate this signature, but software that does
rem validate it can reject SHA-1 - confirm against the deployment.
39 echo default_md=sha1 >>%CNF%
\r
rem Names the config section holding the subject fields. The section header
rem lines themselves are not part of this excerpt.
40 echo distinguished_name=dn >>%CNF%
\r
41 echo # PrintableStrings only >>%CNF%
\r
42 echo string_mask=MASK:0002 >>%CNF%
\r
rem Names the config section holding the X.509 extensions written below.
43 echo x509_extensions=ext >>%CNF%
\r
rem NOTE(review): %FQDN% and %ENTITYID% are expanded unquoted into echo
rem commands, so characters such as an ampersand, pipe or angle bracket are
rem interpreted by cmd.exe and not written to the file. Validate both values,
rem or accept them only from a trusted operator.
45 echo CN=%FQDN% >>%CNF%
\r
rem subjectAltName always carries the DNS name. The entityID is added as a URI
rem entry only when -e supplied one.
47 if defined ENTITYID (echo subjectAltName=DNS:%FQDN%,URI:%ENTITYID% >>%CNF%) else (echo subjectAltName=DNS:%FQDN% >>%CNF%)
\r
48 echo subjectKeyIdentifier=hash >>%CNF%
\r
rem "req -new -x509" creates the key pair and a self-signed certificate valid
rem for DAYS days in one step.
rem NOTE(review): %PREFIX% is unquoted on this line, although CNF and the
rem "if exist" checks quote it. An install path containing spaces would split
rem the arguments.
rem NOTE(review): nothing on the visible lines tightens the ACL on the new
rem sp-key.pem. Restrict it to the service account after generation.
49 %PREFIX%..\..\bin\openssl.exe req -config %PREFIX%sp-cert.cnf -new -x509 -days %DAYS% -keyout %PREFIX%sp-key.pem -out %PREFIX%sp-cert.pem
\r
rem Overwrite protection: tell the operator why nothing was generated and how
rem to override. Replacing the key pair is deliberate because it invalidates
rem whatever already trusts the old certificate.
54 echo The files sp-key.pem and/or sp-cert.pem already exist!
\r
55 echo Use -f option to force recreation of keypair.
\r
rem Forced recreation (-f): remove the old key and certificate so the overwrite
rem checks pass on the next run through.
rem NOTE(review): "del" only unlinks the file and does not wipe the old private
rem key's contents. Treat the old key as still recoverable from the disk.
59 if exist "%PREFIX%sp-key.pem" del "%PREFIX%sp-key.pem"
\r
60 if exist "%PREFIX%sp-cert.pem" del "%PREFIX%sp-cert.pem"
\r
rem Usage text. NOTE(review): the -f (force) option handled by the option
rem dispatch and named in the "already exist" hint is missing from this line.
83 echo usage: keygen [-h hostname for cert] [-y years to issue cert] [-e entityID to embed in cert]
\r
rem Guess the host's fully qualified name when -h was not given. The result
rem becomes the certificate's CN and DNS subjectAltName, so a wrong guess yields
rem a certificate for the wrong name. Pass -h explicitly when the service name
rem differs from the machine name.
rem Take the text after the colon on the "Primary DNS Suffix" line of
rem "ipconfig /all". NOTE(review): the match is on English label text, so it
rem presumably finds nothing on a localized system - confirm.
87 for /F "tokens=2 delims=:" %%i in ('"ipconfig /all | findstr /c:"Primary DNS Suffix" /c:"Primary Dns Suffix""') do set TEMP_DOMAIN_NAME=%%i
\r
rem Strip all spaces from the captured suffix.
88 if defined TEMP_DOMAIN_NAME set FQDN=%TEMP_DOMAIN_NAME: =%
\r
89 set TEMP_DOMAIN_NAME=
\r
rem USERDNSDOMAIN, when defined, overrides the ipconfig result. It is an
rem environment variable, so it is only as trustworthy as the calling session.
90 if defined USERDNSDOMAIN set FQDN=%USERDNSDOMAIN%
\r
rem First token of the "hostname" output becomes HOST.
92 for /F %%i in ('hostname') do set HOST=%%i
\r
rem Join host and domain. With no domain found, the bare host name is used.
93 if defined FQDN (set FQDN=%HOST%.%FQDN%) else (set FQDN=%HOST%)
\r
rem "dir /b /l" prints names in lowercase, so this looks like a lowercasing
rem trick. It only yields output if dir finds an entry with that name -
rem TODO confirm intent.
rem NOTE(review): %FQDN% is expanded unquoted into a command line run by
rem for /F, so the value must not contain cmd metacharacters.
96 for /F %%i in ('dir /b/l %FQDN%') do set FQDN=%%i
\r