if not defined FQDN goto guess_fqdn
:generate
-set PATH=%PREFIX%..\..\lib;%PREFIX%..\..\bin
+set PATH=%PATH%;%ProgramFiles%\Shibboleth\SP\lib\
set CNF="%PREFIX%sp-cert.cnf"
echo # OpenSSL configuration file for creating sp-cert.pem >%CNF%
echo [req] >>%CNF%
echo [ext] >>%CNF%
if defined ENTITYID (echo subjectAltName=DNS:%FQDN%,URI:%ENTITYID% >>%CNF%) else (echo subjectAltName=DNS:%FQDN% >>%CNF%)
echo subjectKeyIdentifier=hash >>%CNF%
-%PREFIX%..\..\bin\openssl.exe req -config %PREFIX%sp-cert.cnf -new -x509 -days %DAYS% -keyout %PREFIX%sp-key.pem -out %PREFIX%sp-cert.pem
+openssl.exe req -config %CNF% -new -x509 -days %DAYS% -keyout "%PREFIX%sp-key.pem" -out "%PREFIX%sp-cert.pem"
del %CNF%
exit /b
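Review bot: The added `openssl.exe req ...` line drops the explicit `%PREFIX%..\..\bin\` path, so the binary that generates `sp-key.pem` is now found through cmd.exe's search order, which by default tries the current directory and then each PATH entry in turn. The earlier added `set PATH=%PATH%;%ProgramFiles%\Shibboleth\SP\lib\` appends to the inherited PATH, so any `openssl.exe` in the working directory or an earlier PATH entry is chosen first. Call the shipped binary by absolute path, e.g. `"<SP_INSTALL_DIR>\openssl.exe" req -config %CNF% ...`, where `<SP_INSTALL_DIR>` is a placeholder because the hunk does not show where openssl.exe is installed. Failing that, prepend the SP directory instead: `set PATH=%ProgramFiles%\Shibboleth\SP\lib\;%PATH%`. The `:generate` block begins outside this hunk.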
for /F %%i in ('hostname') do set HOST=%%i
if defined FQDN (set FQDN=%HOST%.%FQDN%) else (set FQDN=%HOST%)
-echo >%FQDN%
+echo >"%FQDN%"
for /F %%i in ('dir /b/l %FQDN%') do set FQDN=%%i
del %FQDN%
goto generate
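Review bot: Only `echo >"%FQDN%"` gained quotes; the next two lines still expand the name unquoted, so a value containing a space or a cmd metacharacter is created under one name and then listed or deleted as different tokens. FQDN is built here from `hostname` output plus an earlier value whose origin is outside the hunk, so it should be handled as unchecked input. Quote both uses: `for /F %%i in ('dir /b/l "%FQDN%"') do set FQDN=%%i` and `del "%FQDN%"`. The scratch file is also created in the caller's current directory; placing it under `%TEMP%` would remove that dependency. The `guess_fqdn` block starts outside this hunk.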
+++ /dev/null
-@echo off\r
-setlocal\r
-\r
-set DAYS=\r
-set YEARS=\r
-set FQDN=\r
-set ENTITYID=\r
-set TEMP_DOMAIN_NAME=\r
-set PARAM=\r
-\r
-set PREFIX=%~dp0\r
-\r
-:opt_start\r
-set PARAM=%1\r
-if not defined PARAM goto opt_end\r
-if %1==-h goto opt_fqdn\r
-if %1==-e goto opt_entityid\r
-if %1==-y goto opt_years\r
-if %1==-f goto opt_force\r
-goto usage\r
-:opt_end\r
-\r
-if exist "%PREFIX%sp-key.pem" goto protect\r
-if exist "%PREFIX%sp-cert.pem" goto protect\r
-\r
-if not defined YEARS set YEARS=10\r
-set /a DAYS=%YEARS%*365\r
-\r
-if not defined FQDN goto guess_fqdn\r
-\r
-:generate\r
-set PATH=%PATH%;%ProgramFiles%\Shibboleth\SP\lib\\r
-set CNF="%PREFIX%sp-cert.cnf"\r
-echo # OpenSSL configuration file for creating sp-cert.pem >%CNF%\r
-echo [req] >>%CNF%\r
-echo prompt=no >>%CNF%\r
-echo default_bits=2048 >>%CNF%\r
-echo encrypt_key=no >>%CNF%\r
-echo default_md=sha1 >>%CNF%\r
-echo distinguished_name=dn >>%CNF%\r
-echo # PrintableStrings only >>%CNF%\r
-echo string_mask=MASK:0002 >>%CNF%\r
-echo x509_extensions=ext >>%CNF%\r
-echo [dn] >>%CNF%\r
-echo CN=%FQDN% >>%CNF%\r
-echo [ext] >>%CNF%\r
-if defined ENTITYID (echo subjectAltName=DNS:%FQDN%,URI:%ENTITYID% >>%CNF%) else (echo subjectAltName=DNS:%FQDN% >>%CNF%)\r
-echo subjectKeyIdentifier=hash >>%CNF%\r
-openssl.exe req -config %CNF% -new -x509 -days %DAYS% -keyout "%PREFIX%sp-key.pem" -out "%PREFIX%sp-cert.pem"\r
-del %CNF%\r
-exit /b\r
-\r
-:protect\r
-echo The files sp-key.pem and/or sp-cert.pem already exist!\r
-echo Use -f option to force recreation of keypair.\r
-exit /b\r
-\r
-:opt_force\r
-if exist "%PREFIX%sp-key.pem" del "%PREFIX%sp-key.pem"\r
-if exist "%PREFIX%sp-cert.pem" del "%PREFIX%sp-cert.pem"\r
-shift\r
-goto opt_start\r
-\r
-:opt_fqdn\r
-set FQDN=%2\r
-shift\r
-shift\r
-goto opt_start\r
-\r
-:opt_entityid\r
-set ENTITYID=%2\r
-shift\r
-shift\r
-goto opt_start\r
-\r
-:opt_years\r
-set YEARS=%2\r
-shift\r
-shift\r
-goto opt_start\r
-\r
-:usage\r
-echo usage: keygen [-h hostname for cert] [-y years to issue cert] [-e entityID to embed in cert]\r
-exit /b\r
-\r
-:guess_fqdn\r
-for /F "tokens=2 delims=:" %%i in ('"ipconfig /all | findstr /c:"Primary DNS Suffix" /c:"Primary Dns Suffix""') do set TEMP_DOMAIN_NAME=%%i\r
-if defined TEMP_DOMAIN_NAME set FQDN=%TEMP_DOMAIN_NAME: =%\r
-set TEMP_DOMAIN_NAME=\r
-if defined USERDNSDOMAIN set FQDN=%USERDNSDOMAIN%\r
-\r
-for /F %%i in ('hostname') do set HOST=%%i\r
-if defined FQDN (set FQDN=%HOST%.%FQDN%) else (set FQDN=%HOST%)\r
-\r
-echo >"%FQDN%"\r
-for /F %%i in ('dir /b/l %FQDN%') do set FQDN=%%i\r
-del %FQDN%\r
-goto generate\r