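#!/bin/sh
# Written by Christian Heimes
#
# Generates a throw-away PKI in the current directory: a self-signed root CA
# (ca.pem), a server certificate/key pair (server.pem, server.key) and a
# client certificate/key pair (client.pem, client.key).
#
# Must be run from the directory that holds ca.conf, server.conf and
# client.conf, because they are referenced by relative path.
# NOTE(review): whether the generated private keys are passphrase-protected is
# decided by those .conf files, which are not part of this script -- confirm
# there before reusing the output outside a test setup.
set -eu

# Private keys are written below; keep every file created by this script
# owner-only unless it is explicitly opened up at the end.
umask 077

export CAOUTDIR=.
export CATMPDIR=tmp

# Start from a clean state. ${VAR:?} aborts instead of expanding to an empty
# path if the variable is ever unset or blank.
rm -rf -- "${CATMPDIR:?}"
rm -rf -- \
    "$CAOUTDIR/ca.pem" "$CAOUTDIR/ca.key" \
    "$CAOUTDIR/server.pem" "$CAOUTDIR/server.key" \
    "$CAOUTDIR/client.pem" "$CAOUTDIR/client.key"
# NSS database leftovers. The original list named "pkcs11.tx", which looks
# like a typo for NSS's pkcs11.txt; both names are removed.
rm -rf -- cert9.db key4.db pkcs11.tx pkcs11.txt

mkdir -p -- "$CAOUTDIR"
mkdir -p -- "$CATMPDIR"

# Empty index database and initial serial numbers for "openssl ca".
touch -- "$CATMPDIR/ca.db"
touch -- "$CATMPDIR/ca.db.attr"
printf '01\n' > "$CATMPDIR/ca.crt.srl"
printf '01\n' > "$CATMPDIR/ca.crl.srl"

# root CA: create key + CSR, then self-sign it with the CA extensions.
openssl req -new \
    -config ca.conf \
    -out "$CATMPDIR/ca.csr" \
    -keyout "$CAOUTDIR/ca.key" \
    -batch

openssl ca -selfsign \
    -config ca.conf \
    -in "$CATMPDIR/ca.csr" \
    -out "$CAOUTDIR/ca.pem" \
    -extensions ca_ext \
    -days 3563 \
    -batch

# server cert: key + CSR from server.conf, signed by the root CA.
openssl req -new \
    -config server.conf \
    -out "$CATMPDIR/server.csr" \
    -keyout "$CAOUTDIR/server.key" \
    -batch

openssl ca \
    -config ca.conf \
    -in "$CATMPDIR/server.csr" \
    -out "$CAOUTDIR/server.pem" \
    -policy match_pol \
    -extensions server_ext \
    -batch

# client cert: key + CSR from client.conf, signed by the root CA.
openssl req -new \
    -config client.conf \
    -out "$CATMPDIR/client.csr" \
    -keyout "$CAOUTDIR/client.key" \
    -batch

openssl ca \
    -config ca.conf \
    -in "$CATMPDIR/client.csr" \
    -out "$CAOUTDIR/client.pem" \
    -policy match_pol \
    -extensions client_ext \
    -batch

# Certificates are public material; make them readable again after the
# restrictive umask. The *.key files stay owner-only.
chmod 644 -- "$CAOUTDIR/ca.pem" "$CAOUTDIR/server.pem" "$CAOUTDIR/client.pem"

# cleanup: drop the scratch directory and the CA private key. Without ca.key
# nothing further can be signed under this CA, so a leaked working directory
# cannot be used to mint additional trusted certificates.
rm -rf -- "${CATMPDIR:?}"
rm -f -- "$CAOUTDIR/ca.key"

echo DONE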