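#!/bin/sh
#
# Generate a test server and a test client certificate whose EC keys are
# signed by an existing RSA test CA.
#
# For a list of supported curves, use "apps/openssl ecparam -list_curves".
#
# Prerequisite: $CERTS_DIR/$TEST_CA_FILE.cert.pem and
# $KEYS_DIR/$TEST_CA_FILE.key.pem must already exist; this script only reads
# them and does not create the CA.
#
# The outputs are test fixtures: the private keys are written unencrypted
# (-nodes) and the configured curve, sect163r1, is a 163-bit curve.

# Stop at the first failed step or unset variable, so a failed key generation
# or signing step cannot leave a half-built combo file behind unnoticed.
set -eu

# The key and combo files hold unencrypted private keys; create every output
# readable by the owner only.
umask 077

# Path to the openssl distribution
OPENSSL_DIR=../..
# Path to the openssl program
OPENSSL_CMD=$OPENSSL_DIR/apps/openssl
# Option to find configuration file
OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf"
# Directory where certificates are stored
CERTS_DIR=./Certs
# Directory where private key files are stored
KEYS_DIR=$CERTS_DIR
# Directory where combo files (containing a certificate and corresponding
# private key together) are stored
COMBO_DIR=$CERTS_DIR
# cat command
CAT=/bin/cat
# rm command
RM=/bin/rm
# mkdir command
MKDIR=/bin/mkdir
# The certificate will expire these many days after the issue date.
DAYS=1500
TEST_CA_FILE=rsa1024TestCA

TEST_SERVER_CURVE=sect163r1
TEST_SERVER_FILE=sect163r1-rsaTestServer
TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (sect163r1 key signed with RSA)"

TEST_CLIENT_CURVE=sect163r1
TEST_CLIENT_FILE=sect163r1-rsaTestClient
TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (sect163r1 key signed with RSA)"

# Generating an EC certificate involves the following main steps
# 1. Generating curve parameters (if needed)
# 2. Generating a certificate request
# 3. Signing the certificate request
# 4. [Optional] One can combine the cert and private key into a single
#    file and also delete the certificate request

# Generate one EC key pair and a certificate for it signed by the test CA.
# Globals:   OPENSSL_CMD, OPENSSL_CNF, CERTS_DIR, KEYS_DIR, COMBO_DIR,
#            TEST_CA_FILE, DAYS, CAT, RM (all read)
# Arguments: $1 - role shown in the banner (SERVER or CLIENT)
#            $2 - curve name passed to "ecparam -name"
#            $3 - base name of the output files
#            $4 - subject DN for the certificate request
# Outputs:   <curve>.pem in the current directory, <file>.key.pem in
#            KEYS_DIR, <file>.cert.pem in CERTS_DIR and <file>.pem in
#            COMBO_DIR; prints the certificate text to stdout
generate_test_cert() {
    # Plain sh has no "local"; the prefix keeps these from clashing with the
    # configuration variables above.
    gtc_role=$1
    gtc_curve=$2
    gtc_file=$3
    gtc_dn=$4

    echo "GENERATING A TEST $gtc_role CERTIFICATE (ECC key signed with RSA)"
    echo "=============================================================="

    # Step 1: curve parameters
    "$OPENSSL_CMD" ecparam -name "$gtc_curve" -out "$gtc_curve.pem"

    # Step 2: key pair and certificate request. -nodes leaves the private key
    # unencrypted on disk. OPENSSL_CNF is deliberately unquoted so that it
    # splits into the option and its path (the path must not contain spaces).
    # shellcheck disable=SC2086
    "$OPENSSL_CMD" req $OPENSSL_CNF -nodes -subj "$gtc_dn" \
        -keyout "$KEYS_DIR/$gtc_file.key.pem" \
        -newkey "ec:$gtc_curve.pem" -new \
        -out "$CERTS_DIR/$gtc_file.req.pem"

    # Step 3: sign the request with the test CA
    "$OPENSSL_CMD" x509 -req -days "$DAYS" \
        -in "$CERTS_DIR/$gtc_file.req.pem" \
        -CA "$CERTS_DIR/$TEST_CA_FILE.cert.pem" \
        -CAkey "$KEYS_DIR/$TEST_CA_FILE.key.pem" \
        -out "$CERTS_DIR/$gtc_file.cert.pem" -CAcreateserial

    # Display the certificate
    "$OPENSSL_CMD" x509 -in "$CERTS_DIR/$gtc_file.cert.pem" -text

    # Place the certificate and key in a common file
    "$OPENSSL_CMD" x509 -in "$CERTS_DIR/$gtc_file.cert.pem" -issuer -subject \
        > "$COMBO_DIR/$gtc_file.pem"
    "$CAT" "$KEYS_DIR/$gtc_file.key.pem" >> "$COMBO_DIR/$gtc_file.pem"

    # Remove the cert request file (no longer needed)
    "$RM" "$CERTS_DIR/$gtc_file.req.pem"
}

"$MKDIR" -p "$CERTS_DIR"
"$MKDIR" -p "$KEYS_DIR"
"$MKDIR" -p "$COMBO_DIR"

# Fail early with a clear message when the CA material is missing, instead of
# generating keys and then failing at the signing step.
for ca_path in "$CERTS_DIR/$TEST_CA_FILE.cert.pem" \
               "$KEYS_DIR/$TEST_CA_FILE.key.pem"; do
    if [ ! -r "$ca_path" ]; then
        echo "error: CA file $ca_path is missing or unreadable" >&2
        exit 1
    fi
done

generate_test_cert SERVER "$TEST_SERVER_CURVE" "$TEST_SERVER_FILE" "$TEST_SERVER_DN"
generate_test_cert CLIENT "$TEST_CLIENT_CURVE" "$TEST_CLIENT_FILE" "$TEST_CLIENT_DN"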