X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=keys%2FgenerateKeys.sh;h=e9f75a7340b7fa1b00147e837b6ab4d6eadd9503;hp=e316cb6087f98a792a7d84417e96fa3c590da03c;hb=40ac8e40f03b0ae8db51ba89ea476de114bdde41;hpb=8959f2a060d50516711d2c9677ec83f297f44f35
diff --git a/keys/generateKeys.sh b/keys/generateKeys.sh
index e316cb60..e9f75a73 100755
--- a/keys/generateKeys.sh
+++ b/keys/generateKeys.sh
@@ -1,10 +1,10 @@
-#!/bin/bash
+#!/bin/sh
 # this script generates a set of sample keys
 DOMAIN="cacert.local"
 KEYSIZE=4096
 PRIVATEPW="changeit"
-[ -f config ] && . config
+[ -f config ] && . ./config
 rm -Rf *.csr *.crt *.key *.pkcs12 *.ca *.crl
@@ -35,6 +35,16 @@ authorityKeyIdentifier = keyid:always,issuer:always
 #authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
 TESTCA
+cat < test_reqClient.cnf
+basicConstraints = critical,CA:false
+keyUsage = keyEncipherment, digitalSignature
+extendedKeyUsage=clientAuth
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+#crlDistributionPoints=URI:http://www.my.host/ca.crl
+#authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
+TESTCA
 cat < test_reqMail.cnf
 basicConstraints = critical,CA:false
 keyUsage = keyEncipherment, digitalSignature
@@ -46,7 +56,7 @@ authorityKeyIdentifier = keyid:always,issuer:always
 TESTCA
-function genca(){ #subj, internalName
+genca(){ #subj, internalName
 openssl genrsa -out $2.key ${KEYSIZE}
 openssl req -new -key $2.key -out $2.csr -subj "$1/O=Test Environment CA Ltd./OU=Test Environment CAs"
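Review bot: The script still runs without `set -e`, so under the new `#!/bin/sh` a failing openssl or keytool step is ignored and the remaining steps carry on with a partial key set (the `rm -Rf *.csr *.crt *.key …` at the top has already deleted the previous run's material). Add `set -eu` on the line after the shebang; both flags are POSIX and work under dash, and the guarded `[ -f config ] && . ./config` is unaffected because a failing left-hand side of `&&` does not trigger `-e`. Since `. ./config` executes whatever file sits in the current directory as shell code, a comment such as `# optional ./config may override DOMAIN, KEYSIZE and PRIVATEPW` would make that contract explicit for the next reader.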
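Review bot: The new client profile keeps `keyUsage = keyEncipherment, digitalSignature` copied from the server profile above it, but a TLS client certificate only signs (CertificateVerify) and never enciphers keys, so `keyUsage = digitalSignature` is the tighter choice for a `clientAuth` profile. Add a comment above the heredoc, `# client-auth profile: identical to test_req.cnf except for extendedKeyUsage`, so the near-duplication reads as intentional. In this rendering the opener appears as `cat < test_reqClient.cnf`; presumably the file has `cat <<TESTCA > test_reqClient.cnf`, matching the closing `TESTCA` line.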
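Review bot: The new `genca(){` declaration keeps `$2.key` and `$2.csr` unquoted on the two lines below it; the internal name is supplied by callers inside this script, so it is harmless today, but `openssl genrsa -out "$2.key" "${KEYSIZE}"` costs nothing and matches the already-quoted `-subj` argument. A header comment naming the arguments, `# genca SUBJ NAME: create NAME.key and NAME.csr with subject SUBJ for a test CA`, would replace the terse `#subj, internalName`. genca's body continues past the end of the hunk.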
@@ -59,17 +69,17 @@ function genca(){ #subj, internalName
 }
-function caSign(){ # key,ca,config
- pushd $2.ca
+caSign(){ # key,ca,config
+ cd $2.ca
 openssl ca -cert ../$2.crt -keyfile ../$2.key -in ../$1.csr -out ../$1.crt -days 365 -batch -config ../selfsign.config -extfile ../$3
- popd
+ cd ..
 }
-function rootSign(){ # key
+rootSign(){ # key
 caSign $1 root test_subca.cnf
 }
-function genserver(){ #key, subject, config
+genserver(){ #key, subject, config
 openssl genrsa -out $1.key ${KEYSIZE}
 openssl req -new -key $1.key -out $1.csr -subj "$2" -config selfsign.config
 caSign $1 env "$3"
@@ -110,10 +120,17 @@ genserver secure "/CN=secure.${DOMAIN}" test_req.cnf
 genserver static "/CN=static.${DOMAIN}" test_req.cnf
 genserver api "/CN=api.${DOMAIN}" test_req.cnf
+genserver signer_client "/CN=CAcert signer handler 1" test_reqClient.cnf
+genserver signer_server "/CN=CAcert signer 1" test_req.cnf
+
 # then the email signing key
 genserver mail "/emailAddress=support@${DOMAIN}" test_reqMail.cnf
 keytool -list -keystore ../config/keystore.pkcs12 -storetype pkcs12 -storepass "$PRIVATEPW"
-rm test_ca.cnf test_subca.cnf test_req.cnf test_reqMail.cnf
+rm test_ca.cnf test_subca.cnf test_req.cnf test_reqMail.cnf test_reqClient.cnf
 rm env.chain.crt
+
+cat root.crt env.crt > ca.crt
+tar cf signer_bundle.tar root.crt env.crt signer_client.crt signer_client.key signer_server.crt signer_server.key ca.crt
+rm ca.crt
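Review bot: `cd $2.ca` in the new caSign() is unchecked, so if the CA directory is missing `openssl ca` runs in the keys directory with its `../` paths pointing one level too high, and the trailing `cd ..` then leaves the script above where it started, so every later genserver call writes into the wrong directory; the old pushd/popd had the same gap, but this rewrite is the place to close it. Run the signing step in a subshell so the cwd is restored on every path and the function returns the status of `openssl ca` rather than that of `cd ..`: replace the three lines `cd $2.ca`, `openssl ca …`, `cd ..` with `( cd "$2.ca" && openssl ca -cert ../$2.crt -keyfile ../$2.key -in ../$1.csr -out ../$1.crt -days 365 -batch -config ../selfsign.config -extfile "../$3" )`. rootSign and genserver are changed only in declaration syntax here; genserver's body continues past the end of the hunk.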
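Review bot: `signer_bundle.tar` packs the private keys `signer_client.key` and `signer_server.key` next to the certificates, is created with whatever mode the process umask allows, and is not matched by the `rm -Rf *.csr *.crt *.key *.pkcs12 *.ca *.crl` cleanup at the top of the script, so a bundle from an earlier run survives regeneration and keeps keys that no longer match the freshly generated CA. Remove the stale archive and restrict the new one: `rm -f signer_bundle.tar` before the `tar cf …` line and `chmod 600 signer_bundle.tar` after it (or `umask 077` near the top of the script, which would cover the .key files too). A comment above `cat root.crt env.crt > ca.crt`, such as `# ca.crt: root + env chain, only needed inside the signer bundle`, would explain why the file is built and then deleted. These are sample keys, but the archive is presumably the artifact that gets copied to the signer host, which is where the permission matters.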