Added a massively helpful script

diff --git a/scripts/CA.all b/scripts/CA.all
new file mode 100755 (executable)
index 0000000..a3df90a
--- /dev/null
+++ b/scripts/CA.all
@@ -0,0 +1,81 @@
+#!/bin/sh -x
+
+#
+#  This is a script to help generate certificates for use with
+#  the EAP-TLS module.
+#
+
+SSL=/usr/local/ssl
+
+export PATH=${SSL}/bin/:${SSL}/ssl/misc:${PATH}
+
+export LD_LIBRARY_PATH=${SSL}/lib
+
+rm -rf demoCA roo* cert* *.pem *.der
+
+echo -e ""
+echo -e "\t\t##################"
+echo -e "\t\tcreate private key"
+echo -e "\t\tname : name-root"
+echo -e "\t\tCA.pl -newcert"
+echo -e "\t\t##################\n"
+
+openssl req -new -x509 -keyout newreq.pem -out newreq.pem -days 730 -passin pass:whatever -passout pass:whatever
+
+echo -e ""
+echo -e "\t\t##################"
+echo -e "\t\tcreate CA"
+echo -e "\t\tuse just created 'newreq.pem' private key as filename"
+echo -e "\t\tCA.pl -newca"
+echo -e "\t\t##################\n"
+
+echo "newreq.pem" | /usr/local/ssl/misc/CA.pl -newca
+
+#ls -lg demoCA/private/cakey.pem
+
+echo -e ""
+echo -e "\t\t##################"
+echo -e "\t\texporting ROOT CA"
+echo -e "\t\tCA.pl -newreq"
+echo -e "\t\tCA.pl -signreq"
+echo -e "\t\topenssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.pem"
+echo -e "\t\topenssl pkcs12 -in root.cer -out root.pem"
+echo -e "\t\t##################\n"
+
+openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.p12 -cacerts -passin pass:whatever -passout pass:whatever
+openssl pkcs12 -in root.p12 -out root.pem -passin pass:whatever -passout pass:whatever
+openssl x509 -inform PEM -outform DER -in root.pem -out root.der 
+
+echo -e ""
+echo -e "\t\t##################"
+echo -e "\t\tcreating client certificate"
+echo -e "\t\tname : name-clt"
+echo -e "\t\tclient certificate stored as cert-clt.pem"
+echo -e "\t\tCA.pl -newreq"
+echo -e "\t\tCA.pl -signreq"
+echo -e "\t\t##################\n"
+
+openssl req -new -keyout newreq.pem -out newreq.pem -days 730 -passin pass:whatever -passout pass:whatever
+openssl ca  -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpclient_ext -extfile xpextensions -infiles newreq.pem
+
+openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-clt.p12 -clcerts -passin pass:whatever -passout pass:whatever
+openssl pkcs12 -in cert-clt.p12 -out cert-clt.pem -passin pass:whatever -passout pass:whatever
+openssl x509 -inform PEM -outform DER -in cert-clt.pem -out cert-clt.der 
+
+echo -e ""
+echo -e "\t\t##################"
+echo -e "\t\tcreating server certificate"
+echo -e "\t\tname : name-srv"
+echo -e "\t\tserver certificate stored as cert-srv.pem"
+echo -e "\t\tCA.pl -newreq"
+echo -e "\t\tCA.pl -signreq"
+echo -e "\t\t##################\n"
+
+openssl req -new  -keyout newreq.pem -out newreq.pem -days 730 -passin pass:whatever -passout pass:whatever
+openssl ca  -policy policy_anything  -out newcert.pem -passin pass:whatever -key whatever -extensions xpserver_ext -extfile xpextensions -infiles newreq.pem 
+
+ openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-srv.p12 -clcerts -passin pass:whatever -passout pass:whatever
+openssl pkcs12 -in cert-srv.p12 -out cert-srv.pem -passin pass:whatever -passout pass:whatever
+openssl x509 -inform PEM -outform DER -in cert-srv.pem -out cert-srv.der 
+
+echo -e "\n\t\t##################\n"