4 # This is a script to help generate certificates for use with
10 export PATH=${SSL}/bin/:${SSL}/ssl/misc:${PATH}
12 export LD_LIBRARY_PATH=${SSL}/lib
14 rm -rf demoCA roo* cert* *.pem *.der
17 echo -e "\t\t##################"
18 echo -e "\t\tcreate private key"
19 echo -e "\t\tname : name-root"
20 echo -e "\t\tCA.pl -newcert"
21 echo -e "\t\t##################\n"
23 openssl req -new -x509 -keyout newreq.pem -out newreq.pem -days 730 -passin pass:whatever -passout pass:whatever
26 echo -e "\t\t##################"
27 echo -e "\t\tcreate CA"
28 echo -e "\t\tuse just created 'newreq.pem' private key as filename"
29 echo -e "\t\tCA.pl -newca"
30 echo -e "\t\t##################\n"
32 echo "newreq.pem" | /usr/local/ssl/misc/CA.pl -newca
34 #ls -lg demoCA/private/cakey.pem
37 echo -e "\t\t##################"
38 echo -e "\t\texporting ROOT CA"
39 echo -e "\t\tCA.pl -newreq"
40 echo -e "\t\tCA.pl -signreq"
41 echo -e "\t\topenssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.pem"
42 echo -e "\t\topenssl pkcs12 -in root.cer -out root.pem"
43 echo -e "\t\t##################\n"
45 openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.p12 -cacerts -passin pass:whatever -passout pass:whatever
46 openssl pkcs12 -in root.p12 -out root.pem -passin pass:whatever -passout pass:whatever
47 openssl x509 -inform PEM -outform DER -in root.pem -out root.der
50 echo -e "\t\t##################"
51 echo -e "\t\tcreating client certificate"
52 echo -e "\t\tname : name-clt"
53 echo -e "\t\tclient certificate stored as cert-clt.pem"
54 echo -e "\t\tCA.pl -newreq"
55 echo -e "\t\tCA.pl -signreq"
56 echo -e "\t\t##################\n"
58 openssl req -new -keyout newreq.pem -out newreq.pem -days 730 -passin pass:whatever -passout pass:whatever
59 openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpclient_ext -extfile xpextensions -infiles newreq.pem
61 openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-clt.p12 -clcerts -passin pass:whatever -passout pass:whatever
62 openssl pkcs12 -in cert-clt.p12 -out cert-clt.pem -passin pass:whatever -passout pass:whatever
63 openssl x509 -inform PEM -outform DER -in cert-clt.pem -out cert-clt.der
66 echo -e "\t\t##################"
67 echo -e "\t\tcreating server certificate"
68 echo -e "\t\tname : name-srv"
69 echo -e "\t\tserver certificate stored as cert-srv.pem"
70 echo -e "\t\tCA.pl -newreq"
71 echo -e "\t\tCA.pl -signreq"
72 echo -e "\t\t##################\n"
74 openssl req -new -keyout newreq.pem -out newreq.pem -days 730 -passin pass:whatever -passout pass:whatever
75 openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpserver_ext -extfile xpextensions -infiles newreq.pem
77 openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-srv.p12 -clcerts -passin pass:whatever -passout pass:whatever
78 openssl pkcs12 -in cert-srv.p12 -out cert-srv.pem -passin pass:whatever -passout pass:whatever
79 openssl x509 -inform PEM -outform DER -in cert-srv.pem -out cert-srv.der
81 echo -e "\n\t\t##################\n"