4 $ if f$getsyi("cpu") .ge. 128 then -
5 __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
6 $ if __arch .eqs. "" then __arch = "UNK"
8 $ if (p1 .eqs. "64") then __arch = __arch+ "_64"
10 $ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
13 $ reqcmd = "mcr ''exe_dir'openssl req"
14 $ x509cmd = "mcr ''exe_dir'openssl x509 ''digest'"
15 $ verifycmd = "mcr ''exe_dir'openssl verify"
16 $ dummycnf = "sys$disk:[-.apps]openssl-vms.cnf"
18 $ CAkey="""keyCA.ss"""
19 $ CAcert="""certCA.ss"""
20 $ CAreq="""reqCA.ss"""
21 $ CAconf="""CAss.cnf"""
22 $ CAreq2="""req2CA.ss""" ! temp
27 $ Ucert="""certU.ss"""
30 $ write sys$output "make a certificate request using 'req'"
33 $ define/user sys$output nla0:
34 $ mcr 'exe_dir'openssl no-rsa
35 $ save_severity=$SEVERITY
39 $ req_new="-newkey dsa:[-.apps]dsa512.pem"
44 $ 'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' 'req_new' ! -out err.ss
47 $ write sys$output "error using 'req' to generate a certificate request"
51 $ write sys$output "convert the certificate request into a self signed certificate using 'x509'"
52 $ define /user sys$output err.ss
53 $ 'x509cmd' "-CAcreateserial" -in 'CAreq' -days 30 -req -out 'CAcert' -signkey 'CAkey'
56 $ write sys$output "error using 'x509' to self sign a certificate request"
61 $ write sys$output "convert a certificate into a certificate request using 'x509'"
62 $ define /user sys$output err.ss
63 $ 'x509cmd' -in 'CAcert' -x509toreq -signkey 'CAkey' -out 'CAreq2'
66 $ write sys$output "error using 'x509' convert a certificate to a certificate request"
70 $ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq' -noout
73 $ write sys$output "first generated request is invalid"
77 $ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq2' -noout
80 $ write sys$output "second generated request is invalid"
84 $ 'verifycmd' "-CAfile" 'CAcert' 'CAcert'
87 $ write sys$output "first generated cert is invalid"
92 $ write sys$output "make another certificate request using 'req'"
93 $ define /user sys$output err.ss
94 $ 'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' 'req_new'
97 $ write sys$output "error using 'req' to generate a certificate request"
101 $ write sys$output ""
102 $ write sys$output "sign certificate request with the just created CA via 'x509'"
103 $ define /user sys$output err.ss
104 $ 'x509cmd' "-CAcreateserial" -in 'Ureq' -days 30 -req -out 'Ucert' "-CA" 'CAcert' "-CAkey" 'CAkey'
105 $ if $severity .ne. 1
107 $ write sys$output "error using 'x509' to sign a certificate request"
111 $ 'verifycmd' "-CAfile" 'CAcert' 'Ucert'
112 $ write sys$output ""
113 $ write sys$output "Certificate details"
114 $ 'x509cmd' -subject -issuer -startdate -enddate -noout -in 'Ucert'
116 $ write sys$output ""
117 $ write sys$output "The generated CA certificate is ",CAcert
118 $ write sys$output "The generated CA private key is ",CAkey
120 $ write sys$output "The generated user certificate is ",Ucert
121 $ write sys$output "The generated user private key is ",Ukey
123 $ if f$search("err.ss;*") .nes. "" then delete err.ss;*