3
# This script will re-make all the required certs.
5
# sh ../util/mkcerts.sh
6
# mv ca-cert.pem pca-cert.pem ../certs
8
# cat certs/*.pem >>apps/server.pem
9
# cat certs/*.pem >>apps/server2.pem
10
# SSLEAY=`pwd`/apps/ssleay; export SSLEAY
11
# sh tools/c_rehash certs
15
SSLEAY="../apps/openssl"
16
CONF="-config ../apps/openssl.cnf"
19
echo creating $CAbits bit PCA cert request
21
-new -md5 -newkey $CAbits \
23
-out pca-req.pem -nodes >/dev/null <<EOF
36
echo problems generating PCA request
43
$SSLEAY x509 -md5 -days 1461 \
44
-req -signkey pca-key.pem \
45
-CAcreateserial -CAserial pca-cert.srl \
46
-in pca-req.pem -out pca-cert.pem
49
echo problems self signing PCA cert
55
echo creating $CAbits bit CA cert request
57
-new -md5 -newkey $CAbits \
59
-out ca-req.pem -nodes >/dev/null <<EOF
72
echo problems generating CA request
79
$SSLEAY x509 -md5 -days 1461 \
81
-CAcreateserial -CAserial pca-cert.srl \
82
-CA pca-cert.pem -CAkey pca-key.pem \
83
-in ca-req.pem -out ca-cert.pem
86
echo problems signing CA cert
91
# create server request.
92
echo creating 512 bit server cert request
94
-new -md5 -newkey 512 \
95
-keyout s512-key.pem \
96
-out s512-req.pem -nodes >/dev/null <<EOF
102
Server test cert (512 bit)
109
echo problems generating 512 bit server cert request
115
echo signing 512 bit server cert
116
$SSLEAY x509 -md5 -days 365 \
118
-CAcreateserial -CAserial ca-cert.srl \
119
-CA ca-cert.pem -CAkey ca-key.pem \
120
-in s512-req.pem -out server.pem
123
echo problems signing 512 bit server cert
128
# create 1024 bit server request.
129
echo creating 1024 bit server cert request
131
-new -md5 -newkey 1024 \
132
-keyout s1024key.pem \
133
-out s1024req.pem -nodes >/dev/null <<EOF
139
Server test cert (1024 bit)
146
echo problems generating 1024 bit server cert request
152
echo signing 1024 bit server cert
153
$SSLEAY x509 -md5 -days 365 \
155
-CAcreateserial -CAserial ca-cert.srl \
156
-CA ca-cert.pem -CAkey ca-key.pem \
157
-in s1024req.pem -out server2.pem
160
echo problems signing 1024 bit server cert
165
# create 512 bit client request.
166
echo creating 512 bit client cert request
168
-new -md5 -newkey 512 \
169
-keyout c512-key.pem \
170
-out c512-req.pem -nodes >/dev/null <<EOF
176
Client test cert (512 bit)
183
echo problems generating 512 bit client cert request
189
echo signing 512 bit client cert
190
$SSLEAY x509 -md5 -days 365 \
192
-CAcreateserial -CAserial ca-cert.srl \
193
-CA ca-cert.pem -CAkey ca-key.pem \
194
-in c512-req.pem -out client.pem
197
echo problems signing 512 bit client cert
203
cat pca-key.pem >> pca-cert.pem
204
cat ca-key.pem >> ca-cert.pem
205
cat s512-key.pem >> server.pem
206
cat s1024key.pem >> server2.pem
207
cat c512-key.pem >> client.pem
209
for i in pca-cert.pem ca-cert.pem server.pem server2.pem client.pem
211
$SSLEAY x509 -issuer -subject -in $i -noout >$$
217
#/bin/rm -f *key.pem *req.pem *.srl