programs/ssl/test-ca/gen_test_ca.sh

   1 #!/bin/sh
   2 rm -rf index newcerts/*.pem serial *.req *.key *.crt crl.prm
   3
   4 touch index
   5 echo "01" > serial
   6
   7 echo "Generating CA"
   8 openssl req -config sslconf.txt -days 3653 -x509 -newkey rsa:2048 \
   9             -set_serial 0 -text -keyout test-ca.key -out test-ca.crt
  10
  11 echo "Generating rest"
  12 openssl genrsa -out server1.key 2048
  13 openssl genrsa -out server2.key 2048
  14 openssl genrsa -out client1.key 2048
  15 openssl genrsa -out client2.key 2048
  16
  17 echo "Generating requests"
  18 openssl req -config sslconf.txt -new -key server1.key -out server1.req
  19 openssl req -config sslconf.txt -new -key server2.key -out server2.req
  20 openssl req -config sslconf.txt -new -key client1.key -out client1.req
  21 openssl req -config sslconf.txt -new -key client2.key -out client2.req
  22
  23 echo "Signing requests"
  24 openssl ca -config sslconf.txt -in server1.req -out server1.crt
  25 openssl ca -config sslconf.txt -in server2.req -out server2.crt
  26 openssl ca -config sslconf.txt -in client1.req -out client1.crt
  27 openssl ca -config sslconf.txt -in client2.req -out client2.crt
  28
  29 echo "Revoking firsts"
  30 openssl ca -config sslconf.txt -revoke server1.crt
  31 openssl ca -config sslconf.txt -revoke client1.crt
  32 openssl ca -config sslconf.txt -gencrl -out crl.pem
  33
  34 echo "Verifying second"
  35 openssl x509 -in server2.crt -text -noout
  36 cat test-ca.crt crl.pem > ca_crl.pem
  37 openssl verify -CAfile ca_crl.pem -crl_check server2.crt
  38 rm ca_crl.pem
  39
  40 echo "Generating PKCS12"
  41 openssl pkcs12 -export -in client2.crt -inkey client2.key \
  42                       -out client2.pfx
  43
  44 rm *.old *.req