Acasă Explorează Ajutor
Înregistrare Autentificare
Apq
/
winscp
oglindă de https://github.com/winscp/winscp.git
1
0
Bifurcare 0
Fisiere Probleme 0 Wiki
Ramură: thirdparty_dev
Ramuri Etichete
winscp
/
libs
/
openssl
/
test
/
ocsp-tests
/
mk-ocsp-cert-chain.sh

mk-ocsp-cert-chain.sh 2.4 KB
Permalink Istoric Crud

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100 
  1. #!/bin/sh
    2. 

  2. 

  3. opensslcmd() {
    4. 

  4.     LD_LIBRARY_PATH=../.. ../../apps/openssl $@
    5. 

  5. }
    6. 

  6. 

  7. # report the openssl version
    8. 

  8. opensslcmd version
    9. 

  9. 

  10. echo "Creating private keys and certs..."
    11. 

  11. 

  12. #####
    13. 

  13. 

  14. # root CA private key
    15. 

  15. opensslcmd genpkey \
    16. 

  16.            -algorithm EC \
    17. 

  17.            -pkeyopt ec_paramgen_curve:secp521r1 \
    18. 

  18.            -pkeyopt ec_param_enc:named_curve \
    19. 

  19.            -out root-key.pem
    20. 

  20. 

  21. # root CA certificate (self-signed)
    22. 

  22. opensslcmd req \
    23. 

  23.            -config ca.cnf \
    24. 

  24.            -x509 \
    25. 

  25.            -days 3650 \
    26. 

  26.            -key root-key.pem \
    27. 

  27.            -subj /CN=TestRootCA \
    28. 

  28.            -out root-cert.pem
    29. 

  29. #####
    30. 

  30. 

  31. # intermediate CA private key
    32. 

  32. opensslcmd genpkey \
    33. 

  33.            -algorithm EC \
    34. 

  34.            -pkeyopt ec_paramgen_curve:secp384r1 \
    35. 

  35.            -pkeyopt ec_param_enc:named_curve \
    36. 

  36.            -out intermediate-key.pem
    37. 

  37. 

  38. # intermediate CA certificate-signing-request
    39. 

  39. opensslcmd req \
    40. 

  40.            -config ca.cnf \
    41. 

  41.            -new \
    42. 

  42.            -key intermediate-key.pem \
    43. 

  43.            -subj /CN=TestIntermediateCA \
    44. 

  44.            -out intermediate-csr.pem
    45. 

  45. 

  46. # intermediate CA certificate (signed by root CA)
    47. 

  47. opensslcmd req \
    48. 

  48.            -config ca.cnf \
    49. 

  49.            -x509 \
    50. 

  50.            -days 1825 \
    51. 

  51.            -CA root-cert.pem \
    52. 

  52.            -CAkey root-key.pem \
    53. 

  53.            -in intermediate-csr.pem \
    54. 

  54.            -copy_extensions copyall \
    55. 

  55.            -out intermediate-cert.pem
    56. 

  56. #####
    57. 

  57. 

  58. # server key
    59. 

  59. opensslcmd genpkey \
    60. 

  60.            -algorithm EC \
    61. 

  61.            -pkeyopt ec_paramgen_curve:prime256v1 \
    62. 

  62.            -pkeyopt ec_param_enc:named_curve \
    63. 

  63.            -out server-key.pem
    64. 

  64. 

  65. # server certificate-signing-request
    66. 

  66. opensslcmd req \
    67. 

  67.            -config ca.cnf \
    68. 

  68. 	   -extensions usr_cert \
    69. 

  69.            -new \
    70. 

  70.            -key server-key.pem \
    71. 

  71.            -subj /CN=TestServerCA \
    72. 

  72.            -out server-csr.pem
    73. 

  73. 

  74. # server certificate (signed by intermediate CA)
    75. 

  75. opensslcmd req \
    76. 

  76.            -config ca.cnf \
    77. 

  77. 	   -extensions usr_cert \
    78. 

  78.            -x509 \
    79. 

  79.            -days 365 \
    80. 

  80.            -CA intermediate-cert.pem \
    81. 

  81.            -CAkey intermediate-key.pem \
    82. 

  82.            -in server-csr.pem \
    83. 

  83.            -copy_extensions copyall \
    84. 

  84.            -out server-cert.pem
    85. 

  85. #####
    86. 

  86. 

  87. rm -f index.txt index.txt.attr
    88. 

  88. echo -n > index.txt
    89. 

  89. opensslcmd ca \
    90. 

  90. 	   -config ca.cnf \
    91. 

  91. 	   -valid server-cert.pem \
    92. 

  92. 	   -keyfile intermediate-key.pem \
    93. 

  93. 	   -cert intermediate-cert.pem
    94. 

  94. rm -f index.txt.old
    95. 

  95. #####
    96. 

  96. 

  97. cat server-cert.pem server-key.pem intermediate-cert.pem > server.pem
    98. 

  98. cat intermediate-cert.pem intermediate-key.pem > ocsp.pem
    99. 

  99. 

  100. echo "Done."
    101.