From: Felix Dörre
Date: Thu, 3 Jul 2014 09:41:25 +0000 (+0200)
Subject: Merge branch 'libs/jetty/sni_clean'
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=474942bce8bf8f8e4d777c93b332bc64fc724824;hp=ad7a401ad98da5a8a33e60d39789e941aa8ccfc4
Merge branch 'libs/jetty/sni_clean'
---
diff --git a/doc/scripts/.gitignore b/doc/scripts/.gitignore
index 3574a98a..a90e325f 100644
--- a/doc/scripts/.gitignore
+++ b/doc/scripts/.gitignore
@@ -1,3 +1,5 @@
 *.crt
-jetty.csr
-jetty.key
+*.csr
+*.key
+*.pkcs12
+testca
diff --git a/doc/scripts/generateKeys.sh b/doc/scripts/generateKeys.sh
index 26a01ce3..545b12a4 100755
--- a/doc/scripts/generateKeys.sh
+++ b/doc/scripts/generateKeys.sh
@@ -1,7 +1,33 @@
 #!/bin/sh
-# this script generates a simple self-signed keypair
+# this script generates a set of sample keys
 
-openssl genrsa -out jetty.key 4096
-openssl req -new -key jetty.key -out jetty.csr -subj "/CN=localhost" -config selfsign.config
-openssl x509 -req -days 365 -in jetty.csr -signkey jetty.key -out jetty.crt
-openssl pkcs12 -inkey jetty.key -in jetty.crt -export -passout pass: -out ../../config/keystore.pkcs12
+rm -Rf *.csr *.crt *.key *.pkcs12 testca
+
+openssl genrsa -out testca.key 4096
+openssl req -new -key testca.key -out testca.csr -subj "/CN=local cacert-gigi testCA" -config selfsign.config
+openssl x509 -req -days 365 -in testca.csr -signkey testca.key -out testca.crt
+
+mkdir testca
+mkdir testca/newcerts
+echo 01 > testca/serial
+touch testca/db
+echo unique_subject = no >testca/db.attr
+
+genserver(){
+
+openssl genrsa -out $1.key 4096
+openssl req -new -key $1.key -out $1.csr -subj "/CN=$1.cacert.local" -config selfsign.config
+openssl ca -cert testca.crt -keyfile testca.key -in $1.csr -out $1.crt -days 356 -batch -config selfsign.config
+
+openssl pkcs12 -inkey $1.key -in $1.crt -name $1 -export -passout pass: -out $1.pkcs12
+
+keytool -importkeystore -noprompt -srckeystore $1.pkcs12 -destkeystore ../../config/keystore.pkcs12 -srcstoretype pkcs12 -deststoretype pkcs12 -srcstorepass "" -deststorepass ""
+
+}
+
+genserver www
+genserver secure
+genserver static
+genserver api
+
+keytool -list -keystore ../../config/keystore.pkcs12 -storetype pkcs12 -storepass ""
diff --git a/doc/scripts/selfsign.config b/doc/scripts/selfsign.config
index 4962f724..1b98363a 100644
--- a/doc/scripts/selfsign.config
+++ b/doc/scripts/selfsign.config
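Review bot: The added `rm -Rf *.csr *.crt *.key *.pkcs12 testca` and the `../../config/keystore.pkcs12` target in generateKeys.sh are resolved against the caller's working directory, so running the script from anywhere other than doc/scripts deletes unrelated key and certificate files and writes the keystore to the wrong place. Starting the script with `cd "$(dirname "$0")" || exit 1` and `set -eu` pins the directory and makes a failed openssl step stop the run instead of continuing on to the later `openssl ca` and `keytool` calls. The private keys (`testca.key`, `$1.key`) are created under the default umask and the PKCS#12 files use an empty password, so a `umask 077` before the first `openssl genrsa` would at least keep them owner-only, and the header comment should say these are test keys only. In `genserver`, `-days 356` looks like a typo for 365 (the CA certificate uses `-days 365`), and every `$1` expansion should be quoted.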
@@ -7,3 +7,29 @@ commonName = cn [ext] subjectAltName= + +[ca] +default_ca=ca1 + +[ca1] +new_certs_dir=testca/newcerts +database=testca/db +serial=testca/serial +default_md=sha256 +email_in_dn=salat +policy=ca1_pol +#default_days=365 +x509_extensions = v3_ca + + + +[ v3_ca ] + +basicConstraints = critical, CA:FALSE +keyUsage = critical, digitalSignature, keyEncipherment, keyAgreement +extendedKeyUsage = clientAuth, serverAuth, nsSGC, msSGC + + +[ca1_pol] +commonName = optional +subjectAltName = optional
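Review bot: The extension section applied to every issued certificate is named `v3_ca` but sets `basicConstraints = critical, CA:FALSE`, so it reads as a CA profile while actually being the end-entity profile; rename it (for example `[ server_cert ]` with `x509_extensions = server_cert`) or add a comment saying these are leaf extensions. `extendedKeyUsage` also grants `clientAuth` plus the legacy step-up usages `nsSGC` and `msSGC`; unless the test hosts really need them, `extendedKeyUsage = serverAuth` is the narrower setting. `email_in_dn=salat` looks like a placeholder: as far as I know OpenSSL only acts on the value `no`, so this should probably be `email_in_dn=no` or be dropped. The section adds no `subjectAltName`, so the issued certificates identify the host by CN only, which stricter TLS clients may reject.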