3 # This script will re-make all the required certs.
5 # sh ../util/mkcerts.sh
6 # mv ca-cert.pem pca-cert.pem ../certs
8 # cat certs/*.pem >>apps/server.pem
9 # cat certs/*.pem >>apps/server2.pem
10 # SSLEAY=`pwd`/apps/ssleay; export SSLEAY
11 # sh tools/c_rehash certs
# Tool and configuration shared by every step of the script.
# The openssl binary is located by a relative path, so the result depends on
# the directory the script is run from -- presumably a sibling of apps/, as
# the usage notes in the header suggest; confirm before running elsewhere.
# CONF packs an option and its value into one string, so it only works when
# expanded unquoted (the line that expands it is not shown in this listing).
# NOTE(review): $CAbits is used by the PCA and CA steps, but its assignment is
# not visible in this listing -- check the key size it selects.
15 SSLEAY="../apps/openssl"
16 CONF="-config ../apps/openssl.cnf"
# --- PCA: the self-signed root of the test chain ---
# Request step. The command these options belong to (original line 20) and the
# -keyout line (original line 22) are elided from this listing; presumably
# "$SSLEAY req $CONF" writing pca-key.pem -- confirm against the full file.
# -nodes leaves the generated private key unencrypted on disk. The
# here-document (body elided) feeds the prompt answers non-interactively and
# stdout is discarded, so only the "problems ..." echo reports a failure; the
# exit-status test that guards that echo is also elided.
19 echo creating $CAbits bit PCA cert request
21 -new -sha256 -newkey $CAbits \
23 -out pca-req.pem -nodes >/dev/null <<EOF
36 echo problems generating PCA request
# Self-sign the request with its own key (-signkey) to produce pca-cert.pem.
# -days 36525 is roughly 100 years: convenient for a fixture that must never
# expire mid-test, far too long for any certificate that is actually trusted.
43 $SSLEAY x509 -sha256 -days 36525 \
44 -req -signkey pca-key.pem \
45 -CAcreateserial -CAserial pca-cert.srl \
46 -in pca-req.pem -out pca-cert.pem
49 echo problems self signing PCA cert
# --- CA: intermediate certificate, issued by the PCA ---
# Request step. The command line (original line 56) and the -keyout line
# (original line 58) are elided; presumably "$SSLEAY req $CONF" writing
# ca-key.pem -- confirm against the full file. -nodes again leaves the CA
# private key unencrypted on disk.
55 echo creating $CAbits bit CA cert request
57 -new -sha256 -newkey $CAbits \
59 -out ca-req.pem -nodes >/dev/null <<EOF
72 echo problems generating CA request
# Sign the CA request with the PCA certificate and key. Serial numbers come
# from pca-cert.srl, which -CAcreateserial creates if it does not exist yet.
# The ~100-year lifetime (-days 36525) applies to this signing certificate as
# well, so a leaked ca-key.pem would stay useful to an attacker indefinitely
# wherever this chain is trusted.
79 $SSLEAY x509 -sha256 -days 36525 \
81 -CAcreateserial -CAserial pca-cert.srl \
82 -CA pca-cert.pem -CAkey pca-key.pem \
83 -in ca-req.pem -out ca-cert.pem
86 echo problems signing CA cert
91 # create server request.
# The bare number given to -newkey is read by "openssl req" as an RSA key
# size. A 512-bit RSA modulus can be factored with modest resources, so this
# key gives no real protection: it is a test fixture only and must never be
# deployed. Many current TLS stacks refuse such keys at their default
# settings, so tests using server.pem may need a lowered security level.
# -nodes leaves s512-key.pem unencrypted. The command line these options
# belong to (original line 93) is elided from this listing.
92 echo creating 512 bit server cert request
94 -new -sha256 -newkey 512 \
95 -keyout s512-key.pem \
96 -out s512-req.pem -nodes >/dev/null <<EOF
102 Server test cert (512 bit)
109 echo problems generating 512 bit server cert request
# Issue the server certificate from the test CA (ca-cert.pem / ca-key.pem),
# taking serial numbers from ca-cert.srl. Validity is ~100 years (-days 36525).
115 echo signing 512 bit server cert
116 $SSLEAY x509 -sha256 -days 36525 \
118 -CAcreateserial -CAserial ca-cert.srl \
119 -CA ca-cert.pem -CAkey ca-key.pem \
120 -in s512-req.pem -out server.pem
123 echo problems signing 512 bit server cert
128 # create 1024 bit server request.
# 1024-bit RSA is below the 2048-bit minimum that is widely required today,
# so server2.pem is likewise a test fixture, not a deployable credential.
# -nodes leaves the key unencrypted. Note the file names here have no hyphen
# (s1024key.pem, s1024req.pem), unlike the s512-* names; they still match the
# *key.pem / *req.pem globs in the cleanup line at the end of the script.
# The command line these options belong to (original line 130) is elided.
129 echo creating 1024 bit server cert request
131 -new -sha256 -newkey 1024 \
132 -keyout s1024key.pem \
133 -out s1024req.pem -nodes >/dev/null <<EOF
139 Server test cert (1024 bit)
146 echo problems generating 1024 bit server cert request
# Issue the second server certificate from the same test CA and serial file.
152 echo signing 1024 bit server cert
153 $SSLEAY x509 -sha256 -days 36525 \
155 -CAcreateserial -CAserial ca-cert.srl \
156 -CA ca-cert.pem -CAkey ca-key.pem \
157 -in s1024req.pem -out server2.pem
160 echo problems signing 1024 bit server cert
165 # create 512 bit client request.
# Client-authentication fixture with a 512-bit RSA key. As with the 512-bit
# server key, the modulus is small enough to factor, so a peer that accepts
# client.pem for real authentication is accepting a forgeable identity.
# Keep it to test harnesses. -nodes leaves c512-key.pem unencrypted. The
# command line these options belong to (original line 167) is elided.
166 echo creating 512 bit client cert request
168 -new -sha256 -newkey 512 \
169 -keyout c512-key.pem \
170 -out c512-req.pem -nodes >/dev/null <<EOF
176 Client test cert (512 bit)
183 echo problems generating 512 bit client cert request
# Issue the client certificate from the test CA, sharing ca-cert.srl with the
# server certificates so serial numbers do not collide.
189 echo signing 512 bit client cert
190 $SSLEAY x509 -sha256 -days 36525 \
192 -CAcreateserial -CAserial ca-cert.srl \
193 -CA ca-cert.pem -CAkey ca-key.pem \
194 -in c512-req.pem -out client.pem
197 echo problems signing 512 bit client cert
# Append each private key to its certificate file, so every output .pem holds
# the certificate followed by the matching key. The keys were generated with
# -nodes, so they sit in these files unencrypted, including the PCA and CA
# signing keys. Anyone who can read pca-cert.pem or ca-cert.pem can issue
# certificates under this chain. Treat all five files as secrets and never
# add these CAs to a real trust store.
# ">>" appends: the files are freshly written by the x509 steps in this
# script, but running these lines again on their own would duplicate the key.
203 cat pca-key.pem >> pca-cert.pem
204 cat ca-key.pem >> ca-cert.pem
205 cat s512-key.pem >> server.pem
206 cat s1024key.pem >> server2.pem
207 cat c512-key.pem >> client.pem
# Print issuer and subject of each generated certificate as a sanity check.
# The do/done lines and whatever consumes the scratch file are elided from
# this listing. The scratch file is named after the shell's PID ($$) in the
# current directory, which is a predictable name; this is acceptable only
# because the script runs in a private build tree. In a shared directory
# mktemp would be the safe choice.
209 for i in pca-cert.pem ca-cert.pem server.pem server2.pem client.pem
211 $SSLEAY x509 -issuer -subject -in $i -noout >$$
# Cleanup is commented out, so the standalone *key.pem files (unencrypted
# private keys), the requests and the serial files stay on disk after the run.
# The leading "/" after "#" suggests a disabled "/bin/rm" command, not prose.
217 #/bin/rm -f *key.pem *req.pem *.srl