#!/bin/sh
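# Run the in-tree openssl binary against the in-tree shared libraries.
# Both the loader path (../..) and the binary (../../apps/openssl) are
# relative, so the script must be started from a directory two levels below
# the build root; started elsewhere, a different binary and different
# libraries (or none) are picked up.
# Arguments: passed through to the openssl command unchanged.
# Returns:   the exit status of the openssl command.
opensslcmd() {
    # "$@" keeps each argument as one word; a bare $@ is re-split on
    # whitespace and glob-expanded before openssl sees it.
    LD_LIBRARY_PATH=../.. ../../apps/openssl "$@"
}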
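# Report the openssl version. This is the first use of the in-tree binary, so
# stop here if it cannot run rather than letting every later step fail in turn.
opensslcmd version || exit 1

echo "Creating private keys and certs..."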
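#####

# Root CA private key: EC on secp521r1, encoded as a named curve.
# No cipher or passphrase option is given, so the key is stored unencrypted.
opensslcmd genpkey \
    -algorithm EC \
    -pkeyopt ec_paramgen_curve:secp521r1 \
    -pkeyopt ec_param_enc:named_curve \
    -out root-key.pem || exit 1

# Root CA certificate (self-signed), valid for 3650 days.
# Stop on failure so the intermediate below is never issued from a stale
# root-cert.pem left behind by an earlier run.
opensslcmd req \
    -config ca.cnf \
    -x509 \
    -days 3650 \
    -key root-key.pem \
    -subj /CN=TestRootCA \
    -out root-cert.pem || exit 1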
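#####

# Intermediate CA private key: EC on secp384r1, stored unencrypted.
opensslcmd genpkey \
    -algorithm EC \
    -pkeyopt ec_paramgen_curve:secp384r1 \
    -pkeyopt ec_param_enc:named_curve \
    -out intermediate-key.pem || exit 1

# Intermediate CA certificate-signing-request.
opensslcmd req \
    -config ca.cnf \
    -new \
    -key intermediate-key.pem \
    -subj /CN=TestIntermediateCA \
    -out intermediate-csr.pem || exit 1

# Intermediate CA certificate (signed by the root CA), valid for 1825 days.
# -copy_extensions copyall takes every extension from the CSR into the issued
# certificate. That is acceptable here only because the CSR was produced by
# this script a step earlier; a CSR from another party could ask for CA
# rights and would get them.
opensslcmd req \
    -config ca.cnf \
    -x509 \
    -days 1825 \
    -CA root-cert.pem \
    -CAkey root-key.pem \
    -in intermediate-csr.pem \
    -copy_extensions copyall \
    -out intermediate-cert.pem || exit 1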
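#####

# Server private key: EC on prime256v1, stored unencrypted.
opensslcmd genpkey \
    -algorithm EC \
    -pkeyopt ec_paramgen_curve:prime256v1 \
    -pkeyopt ec_param_enc:named_curve \
    -out server-key.pem || exit 1

# Server certificate-signing-request, using the usr_cert section of ca.cnf.
opensslcmd req \
    -config ca.cnf \
    -extensions usr_cert \
    -new \
    -key server-key.pem \
    -subj /CN=TestServerCA \
    -out server-csr.pem || exit 1

# Server certificate (signed by the intermediate CA), valid for 365 days.
# As with the intermediate, copyall is safe only because the CSR was created
# by this script; do not reuse this command for externally supplied requests.
opensslcmd req \
    -config ca.cnf \
    -extensions usr_cert \
    -x509 \
    -days 365 \
    -CA intermediate-cert.pem \
    -CAkey intermediate-key.pem \
    -in server-csr.pem \
    -copy_extensions copyall \
    -out server-cert.pem || exit 1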
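#####

# Start from an empty index.txt. ':' writes nothing on every POSIX shell,
# whereas 'echo -n' is not portable under #!/bin/sh: some shells print the
# literal text "-n", which would leave a bogus line in the file.
rm -f index.txt index.txt.attr
: > index.txt || exit 1

# Add server-cert.pem to the CA database as a valid (not revoked) entry.
# NOTE(review): index.txt is presumably the database named in ca.cnf - confirm.
opensslcmd ca \
    -config ca.cnf \
    -valid server-cert.pem \
    -keyfile intermediate-key.pem \
    -cert intermediate-cert.pem || exit 1

# Drop the backup copy of the index left behind by the step above.
rm -f index.txt.old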
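#####

# Both bundles embed an unencrypted private key (server-key.pem and
# intermediate-key.pem respectively). A plain redirection creates the file
# with the caller's umask, which is commonly world-readable, so the bundles
# are written under umask 077 in a subshell. A file that already exists keeps
# its old mode. The Test* subject names suggest fixture material; these keys
# should not be reused outside of tests.
# A failed cat stops the script instead of leaving a partial bundle followed
# by "Done.".
(umask 077 && cat server-cert.pem server-key.pem intermediate-cert.pem > server.pem) || exit 1
(umask 077 && cat intermediate-cert.pem intermediate-key.pem > ocsp.pem) || exit 1

echo "Done."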