#!/bin/sh
# **********************************************************************
#
# Copyright (c) 2003-2009 ZeroC, Inc. All rights reserved.
#
# This copy of Ice is licensed to you under the terms described in the
# ICE_LICENSE file included in this distribution.
#
# **********************************************************************
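# Scratch directory for the `openssl ca` bookkeeping files (serial, index.txt).
# The path is relative, so the script must be run from the directory that holds
# the .cnf files. Presumably those configs point at tmp/serial and
# tmp/index.txt -- confirm against server.cnf / client.cnf.
TMP=tmp

# Abort on the first failing command instead of signing a stale or missing
# request. If a run stops partway, delete cakey1.pem (and dsaparam1024.pem)
# before re-running: the guards below only test for those two files, so a
# partial set of certificates would otherwise never be regenerated.
set -e

# NOTE: everything produced here is a TEST FIXTURE. The CA keys and most leaf
# keys are written unencrypted (-nodes), the two passphrases are fixed literals,
# and files are created with the caller's umask. Do not reuse any of this
# material outside the test suite.

#
# Recreate an empty CA scratch directory: serial number reset to 01 and an
# empty index, so every certificate is issued from a clean database.
#
reset_scratch() {
    rm -rf -- "${TMP:?}"
    mkdir -- "$TMP"
    echo '01' > "$TMP/serial"
    touch -- "$TMP/index.txt"
}

#
# Generate RSA certificates and keys.
#
if ! [ -f cakey1.pem ]; then
    reset_scratch

    #
    # Generate CA certificates. Also make copies of the certificates using their
    # hash values as filenames, which allows OpenSSL to find them at run time.
    #
    # "-newkey rsa" gives no key size, so the size comes from default_bits in
    # the respective .cnf file (not visible here).
    #
    openssl req -config test_ca1.cnf -x509 -days 3650 -newkey rsa -keyout cakey1.pem -out cacert1.pem \
        -outform PEM -nodes
    openssl req -config test_ca2.cnf -x509 -days 3650 -newkey rsa -keyout cakey2.pem -out cacert2.pem \
        -outform PEM -nodes

    # Compute the hashes in separate assignments so that a failing openssl call
    # stops the script rather than producing a file literally named ".0".
    #
    # NOTE(review): OpenSSL's hashed-directory lookup probes <hash>.0 first and
    # only continues to .1 when .0 exists, so the ".1" suffix below presumably
    # relies on both CAs having the same subject hash -- confirm against
    # test_ca1.cnf / test_ca2.cnf.
    ca1_hash=$(openssl x509 -hash -noout -in cacert1.pem)
    ca2_hash=$(openssl x509 -hash -noout -in cacert2.pem)
    cp -- cacert1.pem "${ca1_hash}.0"
    cp -- cacert2.pem "${ca2_hash}.1"

    #
    # Create a server certificate and key (no password).
    #
    reset_scratch
    openssl req -config server.cnf -newkey rsa -nodes -keyout s_rsa_nopass_ca1_priv.pem \
        -keyform PEM -out "$TMP/req.pem"
    openssl ca -config server.cnf -batch -in "$TMP/req.pem" -out s_rsa_nopass_ca1_pub.pem \
        -cert cacert1.pem -keyfile cakey1.pem

    #
    # Create a server certificate and key (with password).
    #
    # The passphrase is given as a "pass:" literal, which makes it visible in
    # the process list while openssl runs. That is acceptable for a fixed test
    # passphrase; real keys should use an env:, file: or fd: source instead.
    #
    # "-key" on `openssl ca` is the passphrase for the CA key; cakey1.pem was
    # written with -nodes, so the value looks unused here -- TODO confirm.
    #
    reset_scratch
    openssl req -config server.cnf -newkey rsa -passout pass:server -keyout s_rsa_pass_ca1_priv.pem \
        -keyform PEM -out "$TMP/req.pem"
    openssl ca -config server.cnf -batch -in "$TMP/req.pem" -out s_rsa_pass_ca1_pub.pem \
        -cert cacert1.pem -keyfile cakey1.pem -key server

    #
    # Create an expired server certificate and key (no password).
    # The fixed -enddate (31 Dec 2005) puts notAfter in the past on purpose.
    #
    reset_scratch
    openssl req -config server.cnf -newkey rsa -nodes -keyout s_rsa_nopass_ca1_exp_priv.pem \
        -keyform PEM -out "$TMP/req.pem"
    openssl ca -config server.cnf -batch -in "$TMP/req.pem" -out s_rsa_nopass_ca1_exp_pub.pem \
        -cert cacert1.pem -keyfile cakey1.pem -enddate 051231000000Z

    #
    # Create a client certificate and key (no password).
    #
    reset_scratch
    openssl req -config client.cnf -newkey rsa -nodes -keyout c_rsa_nopass_ca1_priv.pem \
        -keyform PEM -out "$TMP/req.pem"
    openssl ca -config client.cnf -batch -in "$TMP/req.pem" -out c_rsa_nopass_ca1_pub.pem \
        -cert cacert1.pem -keyfile cakey1.pem

    #
    # Create a client certificate and key (with password).
    #
    # NOTE(review): the client key is protected with "client", while the
    # signing step passes "-key server" as in the server section. Since "-key"
    # addresses the (unencrypted) CA key this appears harmless, but it reads
    # like a copy-paste leftover -- confirm before changing.
    #
    reset_scratch
    openssl req -config client.cnf -newkey rsa -passout pass:client -keyout c_rsa_pass_ca1_priv.pem \
        -keyform PEM -out "$TMP/req.pem"
    openssl ca -config client.cnf -batch -in "$TMP/req.pem" -out c_rsa_pass_ca1_pub.pem \
        -cert cacert1.pem -keyfile cakey1.pem -key server

    #
    # Create an expired client certificate and key (no password).
    #
    reset_scratch
    openssl req -config client.cnf -newkey rsa -nodes -keyout c_rsa_nopass_ca1_exp_priv.pem \
        -keyform PEM -out "$TMP/req.pem"
    openssl ca -config client.cnf -batch -in "$TMP/req.pem" -out c_rsa_nopass_ca1_exp_pub.pem \
        -cert cacert1.pem -keyfile cakey1.pem -enddate 051231000000Z

    #
    # Create a server certificate and key (no password) using a different CA.
    #
    reset_scratch
    openssl req -config server.cnf -newkey rsa -nodes -keyout s_rsa_nopass_ca2_priv.pem \
        -keyform PEM -out "$TMP/req.pem"
    openssl ca -config server.cnf -batch -in "$TMP/req.pem" -out s_rsa_nopass_ca2_pub.pem \
        -cert cacert2.pem -keyfile cakey2.pem

    #
    # Create a client certificate and key (no password) using a different CA.
    #
    reset_scratch
    openssl req -config client.cnf -newkey rsa -nodes -keyout c_rsa_nopass_ca2_priv.pem \
        -keyform PEM -out "$TMP/req.pem"
    openssl ca -config client.cnf -batch -in "$TMP/req.pem" -out c_rsa_nopass_ca2_pub.pem \
        -cert cacert2.pem -keyfile cakey2.pem

    # The CAs were just regenerated, so force the DSA section below to run
    # again: its certificates are signed by cacert1.pem and would otherwise
    # chain to the old CA.
    rm -f dsaparam1024.pem
fi

#
# Generate DSA parameters and keys.
#
# 1024-bit DSA parameters are below current minimum key-size recommendations
# and may be rejected by newer TLS stacks or security policies; they are kept
# here only because these files are test fixtures.
#
if ! [ -f dsaparam1024.pem ]; then
    reset_scratch

    openssl dsaparam -out dsaparam1024.pem -outform PEM 1024

    #
    # Create a server certificate and key (no password).
    #
    reset_scratch
    openssl req -config server.cnf -newkey dsa:dsaparam1024.pem -nodes -keyout s_dsa_nopass_ca1_priv.pem \
        -keyform PEM -out "$TMP/req.pem"
    openssl ca -config server.cnf -batch -in "$TMP/req.pem" -out s_dsa_nopass_ca1_pub.pem \
        -cert cacert1.pem -keyfile cakey1.pem

    #
    # Create a client certificate and key (no password).
    #
    reset_scratch
    openssl req -config client.cnf -newkey dsa:dsaparam1024.pem -nodes -keyout c_dsa_nopass_ca1_priv.pem \
        -keyform PEM -out "$TMP/req.pem"
    openssl ca -config client.cnf -batch -in "$TMP/req.pem" -out c_dsa_nopass_ca1_pub.pem \
        -cert cacert1.pem -keyfile cakey1.pem
fi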