1*ebfedea0SLionel Sambuc$! TESTSS.COM 2*ebfedea0SLionel Sambuc$ 3*ebfedea0SLionel Sambuc$ __arch = "VAX" 4*ebfedea0SLionel Sambuc$ if f$getsyi("cpu") .ge. 128 then - 5*ebfedea0SLionel Sambuc __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") 6*ebfedea0SLionel Sambuc$ if __arch .eqs. "" then __arch = "UNK" 7*ebfedea0SLionel Sambuc$! 8*ebfedea0SLionel Sambuc$ if (p1 .eqs. "64") then __arch = __arch+ "_64" 9*ebfedea0SLionel Sambuc$! 10*ebfedea0SLionel Sambuc$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" 11*ebfedea0SLionel Sambuc$ 12*ebfedea0SLionel Sambuc$ digest="-md5" 13*ebfedea0SLionel Sambuc$ reqcmd = "mcr ''exe_dir'openssl req" 14*ebfedea0SLionel Sambuc$ x509cmd = "mcr ''exe_dir'openssl x509 ''digest'" 15*ebfedea0SLionel Sambuc$ verifycmd = "mcr ''exe_dir'openssl verify" 16*ebfedea0SLionel Sambuc$ dummycnf = "sys$disk:[-.apps]openssl-vms.cnf" 17*ebfedea0SLionel Sambuc$ 18*ebfedea0SLionel Sambuc$ CAkey="""keyCA.ss""" 19*ebfedea0SLionel Sambuc$ CAcert="""certCA.ss""" 20*ebfedea0SLionel Sambuc$ CAreq="""reqCA.ss""" 21*ebfedea0SLionel Sambuc$ CAconf="""CAss.cnf""" 22*ebfedea0SLionel Sambuc$ CAreq2="""req2CA.ss""" ! temp 23*ebfedea0SLionel Sambuc$ 24*ebfedea0SLionel Sambuc$ Uconf="""Uss.cnf""" 25*ebfedea0SLionel Sambuc$ Ukey="""keyU.ss""" 26*ebfedea0SLionel Sambuc$ Ureq="""reqU.ss""" 27*ebfedea0SLionel Sambuc$ Ucert="""certU.ss""" 28*ebfedea0SLionel Sambuc$ 29*ebfedea0SLionel Sambuc$ write sys$output "" 30*ebfedea0SLionel Sambuc$ write sys$output "make a certificate request using 'req'" 31*ebfedea0SLionel Sambuc$ 32*ebfedea0SLionel Sambuc$ set noon 33*ebfedea0SLionel Sambuc$ define/user sys$output nla0: 34*ebfedea0SLionel Sambuc$ mcr 'exe_dir'openssl no-rsa 35*ebfedea0SLionel Sambuc$ save_severity=$SEVERITY 36*ebfedea0SLionel Sambuc$ set on 37*ebfedea0SLionel Sambuc$ if save_severity 38*ebfedea0SLionel Sambuc$ then 39*ebfedea0SLionel Sambuc$ req_new="-newkey dsa:[-.apps]dsa512.pem" 40*ebfedea0SLionel Sambuc$ else 41*ebfedea0SLionel Sambuc$ req_new="-new" 42*ebfedea0SLionel Sambuc$ endif 43*ebfedea0SLionel Sambuc$ 44*ebfedea0SLionel Sambuc$ 'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' 'req_new' ! -out err.ss 45*ebfedea0SLionel Sambuc$ if $severity .ne. 1 46*ebfedea0SLionel Sambuc$ then 47*ebfedea0SLionel Sambuc$ write sys$output "error using 'req' to generate a certificate request" 48*ebfedea0SLionel Sambuc$ exit 3 49*ebfedea0SLionel Sambuc$ endif 50*ebfedea0SLionel Sambuc$ write sys$output "" 51*ebfedea0SLionel Sambuc$ write sys$output "convert the certificate request into a self signed certificate using 'x509'" 52*ebfedea0SLionel Sambuc$ define /user sys$output err.ss 53*ebfedea0SLionel Sambuc$ 'x509cmd' "-CAcreateserial" -in 'CAreq' -days 30 -req -out 'CAcert' -signkey 'CAkey' 54*ebfedea0SLionel Sambuc$ if $severity .ne. 1 55*ebfedea0SLionel Sambuc$ then 56*ebfedea0SLionel Sambuc$ write sys$output "error using 'x509' to self sign a certificate request" 57*ebfedea0SLionel Sambuc$ exit 3 58*ebfedea0SLionel Sambuc$ endif 59*ebfedea0SLionel Sambuc$ 60*ebfedea0SLionel Sambuc$ write sys$output "" 61*ebfedea0SLionel Sambuc$ write sys$output "convert a certificate into a certificate request using 'x509'" 62*ebfedea0SLionel Sambuc$ define /user sys$output err.ss 63*ebfedea0SLionel Sambuc$ 'x509cmd' -in 'CAcert' -x509toreq -signkey 'CAkey' -out 'CAreq2' 64*ebfedea0SLionel Sambuc$ if $severity .ne. 1 65*ebfedea0SLionel Sambuc$ then 66*ebfedea0SLionel Sambuc$ write sys$output "error using 'x509' convert a certificate to a certificate request" 67*ebfedea0SLionel Sambuc$ exit 3 68*ebfedea0SLionel Sambuc$ endif 69*ebfedea0SLionel Sambuc$ 70*ebfedea0SLionel Sambuc$ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq' -noout 71*ebfedea0SLionel Sambuc$ if $severity .ne. 1 72*ebfedea0SLionel Sambuc$ then 73*ebfedea0SLionel Sambuc$ write sys$output "first generated request is invalid" 74*ebfedea0SLionel Sambuc$ exit 3 75*ebfedea0SLionel Sambuc$ endif 76*ebfedea0SLionel Sambuc$ 77*ebfedea0SLionel Sambuc$ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq2' -noout 78*ebfedea0SLionel Sambuc$ if $severity .ne. 1 79*ebfedea0SLionel Sambuc$ then 80*ebfedea0SLionel Sambuc$ write sys$output "second generated request is invalid" 81*ebfedea0SLionel Sambuc$ exit 3 82*ebfedea0SLionel Sambuc$ endif 83*ebfedea0SLionel Sambuc$ 84*ebfedea0SLionel Sambuc$ 'verifycmd' "-CAfile" 'CAcert' 'CAcert' 85*ebfedea0SLionel Sambuc$ if $severity .ne. 1 86*ebfedea0SLionel Sambuc$ then 87*ebfedea0SLionel Sambuc$ write sys$output "first generated cert is invalid" 88*ebfedea0SLionel Sambuc$ exit 3 89*ebfedea0SLionel Sambuc$ endif 90*ebfedea0SLionel Sambuc$ 91*ebfedea0SLionel Sambuc$ write sys$output "" 92*ebfedea0SLionel Sambuc$ write sys$output "make another certificate request using 'req'" 93*ebfedea0SLionel Sambuc$ define /user sys$output err.ss 94*ebfedea0SLionel Sambuc$ 'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' 'req_new' 95*ebfedea0SLionel Sambuc$ if $severity .ne. 1 96*ebfedea0SLionel Sambuc$ then 97*ebfedea0SLionel Sambuc$ write sys$output "error using 'req' to generate a certificate request" 98*ebfedea0SLionel Sambuc$ exit 3 99*ebfedea0SLionel Sambuc$ endif 100*ebfedea0SLionel Sambuc$ 101*ebfedea0SLionel Sambuc$ write sys$output "" 102*ebfedea0SLionel Sambuc$ write sys$output "sign certificate request with the just created CA via 'x509'" 103*ebfedea0SLionel Sambuc$ define /user sys$output err.ss 104*ebfedea0SLionel Sambuc$ 'x509cmd' "-CAcreateserial" -in 'Ureq' -days 30 -req -out 'Ucert' "-CA" 'CAcert' "-CAkey" 'CAkey' 105*ebfedea0SLionel Sambuc$ if $severity .ne. 1 106*ebfedea0SLionel Sambuc$ then 107*ebfedea0SLionel Sambuc$ write sys$output "error using 'x509' to sign a certificate request" 108*ebfedea0SLionel Sambuc$ exit 3 109*ebfedea0SLionel Sambuc$ endif 110*ebfedea0SLionel Sambuc$ 111*ebfedea0SLionel Sambuc$ 'verifycmd' "-CAfile" 'CAcert' 'Ucert' 112*ebfedea0SLionel Sambuc$ write sys$output "" 113*ebfedea0SLionel Sambuc$ write sys$output "Certificate details" 114*ebfedea0SLionel Sambuc$ 'x509cmd' -subject -issuer -startdate -enddate -noout -in 'Ucert' 115*ebfedea0SLionel Sambuc$ 116*ebfedea0SLionel Sambuc$ write sys$output "" 117*ebfedea0SLionel Sambuc$ write sys$output "The generated CA certificate is ",CAcert 118*ebfedea0SLionel Sambuc$ write sys$output "The generated CA private key is ",CAkey 119*ebfedea0SLionel Sambuc$ 120*ebfedea0SLionel Sambuc$ write sys$output "The generated user certificate is ",Ucert 121*ebfedea0SLionel Sambuc$ write sys$output "The generated user private key is ",Ukey 122*ebfedea0SLionel Sambuc$ 123*ebfedea0SLionel Sambuc$ if f$search("err.ss;*") .nes. "" then delete err.ss;* 124