# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
# The Original Code is the Netscape security libraries.
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# Script to generate sample db files necessary for SSL.
# Directory for db's, use in all subsequent -d flags.
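# Stop at the first failing step: every later certutil call depends on the
# database and certificates created by the earlier ones.
set -e

# The server certificate's subject is built from these two variables. Refuse
# to continue when either is unset or empty, since that would issue a
# certificate whose CN cannot match any host name.
: "${HOSTNAME:?HOSTNAME must be set to the server host name}"
: "${MYDOMAIN:?MYDOMAIN must be set to the server domain}"

# Password for the sample databases. "sample" is a fixed, published value, so
# these databases and the CA key stored in them are suitable for tests only.
# The file is removed on every exit path (including a failed certutil step),
# any pre-existing passfile is replaced rather than written through, and the
# new file is created readable by its owner only.
trap 'rm -f passfile' EXIT
rm -f passfile
(umask 077 && echo sample > passfile)

# Generate the db files, using the above password.
certutil -N -d SampleCertDBs -f passfile

# Generate the CA cert. This cert is self-signed (-x) and only useful for
# test purposes. The trust flags "CTu,CTu,CTu" mark it as a trusted issuer of
# both server (C) and client (T) certificates, which allows it to sign the
# SSL client/server certificates below. -m sets the serial number and -o
# writes the certificate to a file next to the databases.
certutil -S \
  -n SampleRootCA \
  -x \
  -t "CTu,CTu,CTu" \
  -s "CN=My Sample Root CA, O=My Organization" \
  -m 25000 \
  -o ./SampleCertDBs/SampleRootCA.crt \
  -d SampleCertDBs \
  -f passfile

# Generate the server cert. This cert is signed by the CA cert generated
# above (-c SampleRootCA). The CN must be hostname.domain.[com|org|net|...].
certutil -S \
  -n SampleSSLServerCert \
  -c SampleRootCA \
  -t "u,u,u" \
  -s "CN=$HOSTNAME.$MYDOMAIN, O=$HOSTNAME Corp." \
  -m 25001 \
  -o ./SampleCertDBs/SampleSSLServer.crt \
  -d SampleCertDBs \
  -f passfile

# Generate the client cert. This cert is also signed by the CA cert generated
# above.
certutil -S \
  -n SampleSSLClientCert \
  -c SampleRootCA \
  -t "u,u,u" \
  -s "CN=My Client Cert, O=Client Organization" \
  -m 25002 \
  -o ./SampleCertDBs/SampleSSLClient.crt \
  -d SampleCertDBs \
  -f passfile

# Verify the certificates: usage V checks the server cert as an SSL server
# certificate, usage C checks the client cert as an SSL client certificate.
# With "set -e" in effect, a failed verification ends the script with a
# non-zero status instead of being silently ignored.
certutil -V -u V -n SampleSSLServerCert -d SampleCertDBs
certutil -V -u C -n SampleSSLClientCert -d SampleCertDBs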
# Remove unnecessary files.
# You are now ready to run your client/server! Example command lines:
# server -n SampleSSLServerCert -p 8080 -d SampleCertDBs -w sample -c e -R
# client -n SampleSSLClientCert -p 8080 -d SampleCertDBs -w sample -c 2 trane.mcom.com