3 # Copyright 2015 The Chromium Authors. All rights reserved.
4 # Use of this source code is governed by a BSD-style license that can be
5 # found in the LICENSE file.
# Generates the following tree of certificates:
#   root (self-signed root)
#     \--> l1_leaf (end-entity)
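# Print the error line to stderr ($e is set outside this fragment).
# ">&2" duplicates the existing descriptor instead of reopening /dev/stderr;
# reopening with ">" would truncate a regular file that stderr had been
# redirected to, and fails where /dev/stderr cannot be opened at all.
# "$*" joins the arguments into the message as one word; with the default IFS
# the printed text is the same as before.
echo "*** ERROR $e *** $* " >&2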
# Create a self-signed CA cert with CommonName CN and store it at $1.pem.
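# Seed the serial-number file with 01. The redirection is wrapped in an inner
# shell, presumably so that try covers it as well. The name is handed to that
# shell as a positional parameter instead of being spliced into the command
# string, so a name containing spaces or shell metacharacters is treated as
# data and never re-parsed as shell syntax.
try /bin/sh -c 'echo 01 > "out/${1}-serial"' sh "${1}"
# Make sure the index file exists.
try touch "out/${1}-index.txt"
# 2048-bit RSA private key. No cipher option is passed, so the key is written
# to out/ unencrypted; file permissions are its only protection.
try openssl genrsa -out "out/${1}.key" 2048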
37 -signkey out
/${1}.key \
39 -extensions ca_cert
> out
/${1}.pem
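# Copy the PEM certificate from out/ into the current directory. The paths are
# quoted and "--" ends option parsing, so a name with spaces or a leading "-"
# is still handled as a file name.
try cp -- "out/${1}.pem" "${1}.pem"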
44 # Create a cert with CommonName CN signed by CA_ID and store it at $1.der .
45 # $2 must either be "leaf_cert" (for a server/user cert) or "ca_cert" (for a
47 # Stores the private key at $1.pk8 .
49 if [[ "$2" == "ca_cert" ]]
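# These two statements appear to be the body of the "ca_cert" branch tested
# just above (its then/fi are not visible in this fragment): they create the
# serial seed and index file for the new CA.
# The name reaches the inner shell as a positional parameter instead of being
# interpolated into the command string, so it is never re-parsed as shell
# syntax.
try /bin/sh -c 'echo 01 > "out/${1}-serial"' sh "${1}"
try touch "out/${1}-index.txt"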
56 -keyout out
/${1}.key \
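# Convert the private key to PKCS#8 DER in the current directory.
# -nocrypt leaves the key unencrypted on disk, so file permissions are the
# only thing protecting $1.pk8. Paths are quoted so that a name with spaces
# stays a single argument.
try openssl pkcs8 -topk8 -in "out/${1}.key" \
  -out "${1}.pk8" -outform DER -nocrypt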
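# Re-encode the PEM certificate as DER under out/, then copy the DER file into
# the current directory. Paths are quoted and cp gets "--" so that unusual
# names are still treated as file names.
try openssl x509 -in "out/${1}.pem" -outform DER -out "out/${1}.der"
try cp -- "out/${1}.der" "${1}.der"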
# Issue the end-entity certificate l1_leaf, signed by the root CA. CA_ID and
# CN are supplied as assignments prefixed to the call; per the comment on
# issue_cert, CN is the CommonName and CA_ID names the signing CA.
CA_ID=root CN=l1_leaf try issue_cert l1_leaf leaf_cert