xref: /minix3/crypto/external/bsd/openssl/dist/demos/ssltest-ecc/RSAcertgen.sh (revision ebfedea0ce5bbe81e252ddf32d732e40fb633fae)
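#!/bin/sh
#
# Generates a small RSA test PKI under $CERTS_DIR: a self-signed test CA plus
# one server and one client certificate signed by that CA.
#
# SECURITY NOTE: everything produced here is test material only.
#   * The keys are 1024-bit RSA, well below the 2048-bit minimum recommended
#     for real deployments.
#   * "-nodes" writes every private key, including the CA key, to disk
#     unencrypted, and the key is copied again into the combined ".pem" file.
#   * Never install the generated CA certificate in a trust store and never
#     reuse these keys outside a test environment.

# Stop at the first failure: a failed CA step must not be followed by signing
# with a missing or stale CA key. Also treat unset variables as errors.
set -eu

# Private keys are written unencrypted, so keep every file and directory this
# script creates accessible to the owner only.
umask 077

# Path to the openssl distribution
OPENSSL_DIR=../..
# Path to the openssl program
OPENSSL_CMD=$OPENSSL_DIR/apps/openssl
# Configuration file passed to "openssl req" and used as the extension file
OPENSSL_CNF_FILE=$OPENSSL_DIR/apps/openssl.cnf
# Directory where certificates are stored
CERTS_DIR=./Certs
# Directory where private key files are stored
KEYS_DIR=$CERTS_DIR
# Directory where combo files (containing a certificate and corresponding
# private key together) are stored
COMBO_DIR=$CERTS_DIR
# cat command
CAT=/bin/cat
# rm command
RM=/bin/rm
# mkdir command
MKDIR=/bin/mkdir
# The certificate will expire these many days after the issue date.
DAYS=1500
TEST_CA_FILE=rsa1024TestCA
TEST_CA_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test CA (1024 bit RSA)"

TEST_SERVER_FILE=rsa1024TestServer
TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (1024 bit RSA)"

TEST_CLIENT_FILE=rsa1024TestClient
TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (1024 bit RSA)"

# Generating an RSA certificate involves the following main steps
# 1. Generating a key pair and a certificate request
# 2. Signing the certificate request
# 3. [Optional] One can combine the cert and private key into a single
#    file and also delete the certificate request

#######################################
# Create a new unencrypted 1024-bit RSA key and a certificate request.
# Arguments: $1 - base file name, $2 - subject distinguished name
# Outputs:   $KEYS_DIR/$1.key.pem and $CERTS_DIR/$1.req.pem
#######################################
generate_key_and_request() {
    "$OPENSSL_CMD" req -config "$OPENSSL_CNF_FILE" -nodes -subj "$2" \
        -keyout "$KEYS_DIR/$1.key.pem" \
        -newkey rsa:1024 -new \
        -out "$CERTS_DIR/$1.req.pem"
}

#######################################
# Sign a certificate request with the test CA key.
# Arguments: $1 - base file name of the request to sign
# Outputs:   $CERTS_DIR/$1.cert.pem; -CAcreateserial lets openssl create the
#            CA serial number file if it does not exist yet
#######################################
sign_with_test_ca() {
    "$OPENSSL_CMD" x509 -req -days "$DAYS" \
        -in "$CERTS_DIR/$1.req.pem" \
        -CA "$CERTS_DIR/$TEST_CA_FILE.cert.pem" \
        -CAkey "$KEYS_DIR/$TEST_CA_FILE.key.pem" \
        -out "$CERTS_DIR/$1.cert.pem" -CAcreateserial
}

#######################################
# Print a certificate, build the combined cert+key file and drop the request.
# Arguments: $1 - base file name
# Outputs:   certificate text on stdout; $COMBO_DIR/$1.pem holding the
#            issuer/subject lines, the certificate and the private key
#######################################
display_and_bundle() {
    # Display the certificate
    "$OPENSSL_CMD" x509 -in "$CERTS_DIR/$1.cert.pem" -text

    # Place the certificate and key in a common file. The file contains an
    # unencrypted private key and must be protected like the key itself.
    "$OPENSSL_CMD" x509 -in "$CERTS_DIR/$1.cert.pem" -issuer -subject \
        > "$COMBO_DIR/$1.pem"
    "$CAT" -- "$KEYS_DIR/$1.key.pem" >> "$COMBO_DIR/$1.pem"

    # Remove the cert request file (no longer needed)
    "$RM" -- "$CERTS_DIR/$1.req.pem"
}

"$MKDIR" -p -- "$CERTS_DIR"
"$MKDIR" -p -- "$KEYS_DIR"
"$MKDIR" -p -- "$COMBO_DIR"

echo "Generating self-signed CA certificate (RSA)"
echo "==========================================="

generate_key_and_request "$TEST_CA_FILE" "$TEST_CA_DN"

# The CA certificate is self-signed with its own key and takes its
# extensions from the v3_ca section of the openssl configuration file.
"$OPENSSL_CMD" x509 -req -days "$DAYS" \
    -in "$CERTS_DIR/$TEST_CA_FILE.req.pem" \
    -extfile "$OPENSSL_CNF_FILE" \
    -extensions v3_ca \
    -signkey "$KEYS_DIR/$TEST_CA_FILE.key.pem" \
    -out "$CERTS_DIR/$TEST_CA_FILE.cert.pem"

display_and_bundle "$TEST_CA_FILE"

echo "GENERATING A TEST SERVER CERTIFICATE (RSA)"
echo "=========================================="

generate_key_and_request "$TEST_SERVER_FILE" "$TEST_SERVER_DN"
sign_with_test_ca "$TEST_SERVER_FILE"
display_and_bundle "$TEST_SERVER_FILE"

echo "GENERATING A TEST CLIENT CERTIFICATE (RSA)"
echo "=========================================="

generate_key_and_request "$TEST_CLIENT_FILE" "$TEST_CLIENT_DN"
sign_with_test_ca "$TEST_CLIENT_FILE"
display_and_bundle "$TEST_CLIENT_FILE"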