+++ /dev/null
-#!/bin/sh -x
-
-#
-# This is a script to help generate certificates for use with
-# the EAP-TLS module.
-#
-
-SSL=/usr/local/ssl
-
-export PATH=${SSL}/bin/:${SSL}/ssl/misc:${PATH}
-
-export LD_LIBRARY_PATH=${SSL}/lib
-
-rm -rf demoCA roo* cert* *.pem *.der
-
-echo -e ""
-echo -e "\t\t##################"
-echo -e "\t\tcreate private key"
-echo -e "\t\tname : name-root"
-echo -e "\t\tCA.pl -newcert"
-echo -e "\t\t##################\n"
-
-openssl req -new -x509 -keyout newreq.pem -out newreq.pem -days 730 -passin pass:whatever -passout pass:whatever
-
-echo -e ""
-echo -e "\t\t##################"
-echo -e "\t\tcreate CA"
-echo -e "\t\tuse just created 'newreq.pem' private key as filename"
-echo -e "\t\tCA.pl -newca"
-echo -e "\t\t##################\n"
-
-echo "newreq.pem" | /usr/local/ssl/misc/CA.pl -newca
-
-#ls -lg demoCA/private/cakey.pem
-
-echo -e ""
-echo -e "\t\t##################"
-echo -e "\t\texporting ROOT CA"
-echo -e "\t\tCA.pl -newreq"
-echo -e "\t\tCA.pl -signreq"
-echo -e "\t\topenssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.pem"
-echo -e "\t\topenssl pkcs12 -in root.cer -out root.pem"
-echo -e "\t\t##################\n"
-
-openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.p12 -cacerts -passin pass:whatever -passout pass:whatever
-openssl pkcs12 -in root.p12 -out root.pem -passin pass:whatever -passout pass:whatever
-openssl x509 -inform PEM -outform DER -in root.pem -out root.der
-
-echo -e ""
-echo -e "\t\t##################"
-echo -e "\t\tcreating client certificate"
-echo -e "\t\tname : name-clt"
-echo -e "\t\tclient certificate stored as cert-clt.pem"
-echo -e "\t\tCA.pl -newreq"
-echo -e "\t\tCA.pl -signreq"
-echo -e "\t\t##################\n"
-
-openssl req -new -keyout newreq.pem -out newreq.pem -days 730 -passin pass:whatever -passout pass:whatever
-openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpclient_ext -extfile xpextensions -infiles newreq.pem
-
-openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-clt.p12 -clcerts -passin pass:whatever -passout pass:whatever
-openssl pkcs12 -in cert-clt.p12 -out cert-clt.pem -passin pass:whatever -passout pass:whatever
-openssl x509 -inform PEM -outform DER -in cert-clt.pem -out cert-clt.der
-
-echo -e ""
-echo -e "\t\t##################"
-echo -e "\t\tcreating server certificate"
-echo -e "\t\tname : name-srv"
-echo -e "\t\tserver certificate stored as cert-srv.pem"
-echo -e "\t\tCA.pl -newreq"
-echo -e "\t\tCA.pl -signreq"
-echo -e "\t\t##################\n"
-
-openssl req -new -keyout newreq.pem -out newreq.pem -days 730 -passin pass:whatever -passout pass:whatever
-openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpserver_ext -extfile xpextensions -infiles newreq.pem
-
- openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-srv.p12 -clcerts -passin pass:whatever -passout pass:whatever
-openssl pkcs12 -in cert-srv.p12 -out cert-srv.pem -passin pass:whatever -passout pass:whatever
-openssl x509 -inform PEM -outform DER -in cert-srv.pem -out cert-srv.der
-
-echo -e "\n\t\t##################\n"
+++ /dev/null
-#!/bin/sh
-
-#
-# This is a NON-INTERACTIVE script to help generate certificates for
-# use with the EAP-TLS module.
-#
-# $Id$
-
-#
-# This environment variable should point to the SSL installation
-#
-[ "$SSL" = "" ] && SSL=/usr/local/ssl
-export SSL
-
-#
-# Edit the following variables for your organization.
-#
-COUNTRY="CA"
-PROVINCE="Province"
-CITY="Some City"
-ORGANIZATION="Organization"
-ORG_UNIT=`hostname`
-PASSWORD="whatever"
-
-COMMON_NAME_CLIENT="Client certificate"
-EMAIL_CLIENT="client@example.com"
-PASSWORD_CLIENT=$PASSWORD
-
-COMMON_NAME_SERVER="Server certificate"
-EMAIL_SERVER="server@example.com"
-PASSWORD_SERVER=$PASSWORD
-
-COMMON_NAME_ROOT="Root certificate"
-EMAIL_ROOT="root@example.com"
-PASSWORD_ROOT=$PASSWORD
-
-#
-# lifetime, in days, of the certs
-#
-LIFETIME=730
-
-######################################################################
-#
-# Don't change anything below this line...
-#
-######################################################################
-
-#
-# Prefer the SSL configured above, over any previous installation.
-#
-PATH=${SSL}/bin/:${SSL}/misc:${PATH}
-LD_LIBRARY_PATH=${SSL}/lib
-export PATH LD_LIBRARY_PATH
-
-rm -rf demoCA roo* cert* *.pem *.der
-
-echo -e ""
-echo -e "\t\t##################"
-echo -e "\t\tcreate private key"
-echo -e "\t\tname : name-root"
-echo -e "\t\tCA.pl -newcert"
-echo -e "\t\t##################\n"
-
-(echo $COUNTRY
-echo $PROVINCE
-echo $CITY
-echo $ORGANIZATION
-echo $ORG_UNIT
-echo $COMMON_NAME_CLIENT
-echo $EMAIL_CLIENT
-) | openssl req -new -x509 -keyout newreq.pem -out newreq.pem -days $LIFETIME -passin pass:$PASSWORD_CLIENT -passout pass:$PASSWORD_CLIENT
-if [ "$?" != "0" ]
-then
- echo "Failed to create client certificate"
- exit 1
-fi
-
-echo -e ""
-echo -e "\t\t##################"
-echo -e "\t\tcreate CA"
-echo -e "\t\tuse just created 'newreq.pem' private key as filename"
-echo -e "\t\tCA.pl -newca"
-echo -e "\t\t##################\n"
-
-echo "newreq.pem" | CA.pl -newca || exit 2
-
-#ls -lg demoCA/private/cakey.pem
-
-echo -e ""
-echo -e "\t\t##################"
-echo -e "\t\texporting ROOT CA"
-echo -e "\t\tCA.pl -newreq"
-echo -e "\t\tCA.pl -signreq"
-echo -e "\t\topenssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.pem"
-echo -e "\t\topenssl pkcs12 -in root.cer -out root.pem"
-echo -e "\t\t##################\n"
-
-openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.p12 -cacerts -passin pass:$PASSWORD_ROOT -passout pass:$PASSWORD_ROOT
-openssl pkcs12 -in root.p12 -out root.pem -passin pass:$PASSWORD_ROOT -passout pass:$PASSWORD_ROOT
-openssl x509 -inform PEM -outform DER -in root.pem -out root.der
-
-echo -e ""
-echo -e "\t\t##################"
-echo -e "\t\tcreating client certificate"
-echo -e "\t\tname : name-clt"
-echo -e "\t\tclient certificate stored as cert-clt.pem"
-echo -e "\t\tCA.pl -newreq"
-echo -e "\t\tCA.pl -signreq"
-echo -e "\t\t##################\n"
-
-(echo $COUNTRY
-echo $PROVINCE
-echo $CITY
-echo $ORGANIZATION
-echo $ORG_UNIT
-echo $COMMON_NAME_SERVER
-echo $EMAIL_SERVER
-echo $PASSWORD_SERVER
-echo "testing"
-) | openssl req -new -keyout newreq.pem -out newreq.pem -days $LIFETIME -passin pass:$PASSWORD_SERVER -passout pass:$PASSWORD_SERVER
-if [ "$?" != "0" ]
-then
- echo "Failed to create server certificate"
- exit 1
-fi
-
-(echo y
-echo y) | openssl ca -policy policy_anything -out newcert.pem -passin pass:$PASSWORD_SEREVER -key $PASSWORD_SERVER -extensions xpclient_ext -extfile xpextensions -infiles newreq.pem
-if [ "$?" != "0" ]
-then
- echo "Failed to do sign certificate"
- exit 1
-fi
-
-openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-clt.p12 -clcerts -passin pass:$PASSWORD_CLIENT -passout pass:$PASSWORD_CLIENT || exit 8
-openssl pkcs12 -in cert-clt.p12 -out cert-clt.pem -passin pass:$PASSWORD_CLIENT -passout pass:$PASSWORD_CLIENT || exit 9
-openssl x509 -inform PEM -outform DER -in cert-clt.pem -out cert-clt.der || exit 10
-
-echo -e ""
-echo -e "\t\t##################"
-echo -e "\t\tcreating server certificate"
-echo -e "\t\tname : name-srv"
-echo -e "\t\tserver certificate stored as cert-srv.pem"
-echo -e "\t\tCA.pl -newreq"
-echo -e "\t\tCA.pl -signreq"
-echo -e "\t\t##################\n"
-
-(echo $COUNTRY
-echo $PROVINCE
-echo $CITY
-echo $ORGANIZATION
-echo $ORG_UNIT
-echo $COMMON_NAME_ROOT
-echo $EMAIL_ROOT
-echo $PASSWORD_ROOT
-echo $ORG_UNIT
-) | openssl req -new -keyout newreq.pem -out newreq.pem -days $LIFETIME -passin pass:$PASSWORD_ROOT -passout pass:$PASSWORD_ROOT
-if [ "$?" != "0" ]
-then
- echo "Failed to create root certificate"
- exit 1
-fi
-
-(echo y
-echo y) | openssl ca -policy policy_anything -out newcert.pem -passin pass:$PASSWORD_ROOT -key $PASSWORD_ROOT -extensions xpserver_ext -extfile xpextensions -infiles newreq.pem
-if [ "$?" != "0" ]
-then
- echo "Failed to sign root certificate"
- exit 1
-fi
-
-openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-srv.p12 -clcerts -passin pass:$PASSWORD_SERVER -passout pass:$PASSWORD_SERVER || exit 5
-openssl pkcs12 -in cert-srv.p12 -out cert-srv.pem -passin pass:$PASSWORD_SERVER -passout pass:$PASSWORD_SERVER || exit 6
-openssl x509 -inform PEM -outform DER -in cert-srv.pem -out cert-srv.der || exit 7
-
-echo -e "\n\t\t#################################"
-echo -e "\t\tDONE. Thank you for your patience."
-echo -e "\t\t###################################\n"
+++ /dev/null
-#!/bin/sh
-# $Id$
-
-#
-# Set this variable to the location of your SSL installation.
-#
-[ "$SSL" = "" ] && SSL=/usr/local/ssl
-export SSL
-
-#
-# Don't touch the following text.
-#
-[ -d certs ] && rm -rf certs
-mkdir certs
-cp xpextensions certs/
-cd certs
-
-#
-# Generate DH stuff...
-#
-${SSL}/bin/openssl gendh > dh
-
-#
-# /dev/urandom is not a file, and we can't rely on "test -e" working
-# everywhere.
-#
-if ls /dev/urandom >/dev/null 2>&1
-then
- dd if=/dev/urandom of=random count=2 >/dev/null 2>&1
-else
- echo "Please replace this text with 1k of random data" > random
-fi
-
-rm -f CA.log
-../CA.certs > CA.log 2>&1
-if [ "$?" != "0" ]
-then
- echo " Certificate creation failed."
- echo " Please see the 'CA.log' file for messages,"
- echo " or read the 'CA.all' script, and run it by hand."
- echo
- echo " Sorry."
- exit 1
-fi
-echo " See the 'certs' directory for the certificates."
-echo " The 'certs' directory should be copied to .../etc/raddb/"
-echo " All passwords have been set to 'whatever'"
-rm -f CA.log xpextensions
-exit 0
projects / freeradius.git / commitdiff