From b29e23c5868ad5174f5301275d510182bb87a839 Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Mon, 9 Feb 2009 21:06:41 +0000
Subject: [PATCH] - Enhanced generation CA script and config to further
automate different actions
---
programs/ssl/test-ca/gen_test_ca.sh | 48 ++++++++++++++++++++---------
programs/ssl/test-ca/sslconf.txt | 22 +++----------
2 files changed, 38 insertions(+), 32 deletions(-)
diff --git a/programs/ssl/test-ca/gen_test_ca.sh b/programs/ssl/test-ca/gen_test_ca.sh
index 117b8b2f7..2e9e7a420 100755
--- a/programs/ssl/test-ca/gen_test_ca.sh
+++ b/programs/ssl/test-ca/gen_test_ca.sh
@@ -4,9 +4,15 @@ rm -rf index newcerts/*.pem serial *.req *.key *.crt crl.prm
touch index
echo "01" > serial
+PASSWORD=PolarSSLTest
+
echo "Generating CA"
-openssl req -config sslconf.txt -days 3653 -x509 -newkey rsa:2048 \
- -set_serial 0 -text -keyout test-ca.key -out test-ca.crt
+cat sslconf.txt > sslconf_use.txt
+echo "CN=PolarSSL Test CA" >> sslconf_use.txt
+
+openssl req -config sslconf_use.txt -days 3653 -x509 -newkey rsa:2048 \
+ -set_serial 0 -text -keyout test-ca.key -out test-ca.crt \
+ -passout pass:$PASSWORD
echo "Generating rest"
openssl genrsa -out server1.key 2048
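Review bot: `-passout pass:$PASSWORD` on the new `openssl req` line (and the `-passin pass:$PASSWORD` arguments added in the two later hunks of this file) places the CA key passphrase in the process argv, where any local user can read it with `ps` for as long as each openssl process runs; for a fixed test value that is tolerable, but OpenSSL's `env:` source costs nothing extra: `export PASSWORD=PolarSSLTest` and `-passout env:PASSWORD`. If the `pass:` form is kept, the expansion should at least be quoted, `-passout "pass:$PASSWORD"`, so a future value containing whitespace does not split into several arguments. The `cat sslconf.txt > sslconf_use.txt` / `echo "CN=..." >> sslconf_use.txt` idiom only produces a valid config while `[ my_req_dn ]` is the last section of sslconf.txt; a comment above the first such block, `# appends CN= to [ my_req_dn ], which must remain the last section of sslconf.txt`, would record that dependency. The head of the script, where a `set -e` would live, lies outside this hunk, so I cannot tell whether a failed openssl invocation stops the run or lets the later steps operate on missing files.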
@@ -15,21 +21,33 @@ openssl genrsa -out client1.key 2048
openssl genrsa -out client2.key 2048
echo "Generating requests"
-openssl req -config sslconf.txt -new -key server1.key -out server1.req
-openssl req -config sslconf.txt -new -key server2.key -out server2.req
-openssl req -config sslconf.txt -new -key client1.key -out client1.req
-openssl req -config sslconf.txt -new -key client2.key -out client2.req
+cat sslconf.txt > sslconf_use.txt
+echo "CN=PolarSSL Server 1" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key server1.key -out server1.req
+
+cat sslconf.txt > sslconf_use.txt
+echo "CN=PolarSSL Server 2" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key server2.key -out server2.req
+
+cat sslconf.txt > sslconf_use.txt
+echo "CN=PolarSSL Client 1" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key client1.key -out client1.req
+
+cat sslconf.txt > sslconf_use.txt
+echo "CN=PolarSSL Client 2" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key client2.key -out client2.req
echo "Signing requests"
-openssl ca -config sslconf.txt -in server1.req -out server1.crt
-openssl ca -config sslconf.txt -in server2.req -out server2.crt
-openssl ca -config sslconf.txt -in client1.req -out client1.crt
-openssl ca -config sslconf.txt -in client2.req -out client2.crt
+for i in server1 server2 client1 client2;
+do
+ openssl ca -config sslconf.txt -out $i.crt -passin pass:$PASSWORD \
+ -batch -in $i.req
+done
echo "Revoking firsts"
-openssl ca -config sslconf.txt -revoke server1.crt
-openssl ca -config sslconf.txt -revoke client1.crt
-openssl ca -config sslconf.txt -gencrl -out crl.pem
+openssl ca -batch -config sslconf.txt -revoke server1.crt -passin pass:$PASSWORD
+openssl ca -batch -config sslconf.txt -revoke client1.crt -passin pass:$PASSWORD
+openssl ca -batch -config sslconf.txt -gencrl -out crl.pem -passin pass:$PASSWORD
echo "Verifying second"
openssl x509 -in server2.crt -text -noout
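Review bot: The four `cat sslconf.txt > sslconf_use.txt` / `echo "CN=..."` / `openssl req` groups in this hunk are the same three lines repeated with two names changed, and the new signing loop already shows the script's intent to factor such repetition; a small helper removes the duplication and gives one place to quote the key and request paths. The loop and the revocation lines keep the unquoted `$i` and `$PASSWORD` expansions, which work for the current literal values but should be `"$i.crt"` / `"$PASSWORD"` for the same reason as in the first hunk. The rewritten request section would look as follows.
```shell
# Build a per-subject config by appending CN to [ my_req_dn ] (the last
# section of sslconf.txt), then create the request for that key.
gen_req() {
  cat sslconf.txt > sslconf_use.txt
  echo "CN=$2" >> sslconf_use.txt
  openssl req -config sslconf_use.txt -new -key "$1.key" -out "$1.req"
}

echo "Generating requests"
gen_req server1 "PolarSSL Server 1"
gen_req server2 "PolarSSL Server 2"
gen_req client1 "PolarSSL Client 1"
gen_req client2 "PolarSSL Client 2"
# … unchanged: signing loop, revocation, CRL generation …
```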
@@ -39,6 +57,6 @@ rm ca_crl.pem
echo "Generating PKCS12"
openssl pkcs12 -export -in client2.crt -inkey client2.key \
- -out client2.pfx
+ -out client2.pfx -passout pass:$PASSWORD
-rm *.old *.req
+rm *.old *.req sslconf_use.txt
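Review bot: `sslconf_use.txt` is removed only on this final line, so any failure earlier in the script (no `set -e` is visible in these hunks, so I cannot tell whether one exists) leaves the per-subject config behind, and the next run's `cat sslconf.txt > sslconf_use.txt` then silently overwrites it. Registering the cleanup once, `trap 'rm -f sslconf_use.txt' EXIT` next to the `PASSWORD=` assignment, covers both the success and the failure path and lets this `rm` go back to `rm *.old *.req`. The `-passout pass:$PASSWORD` added to the pkcs12 export has the same argv exposure already noted on the first hunk.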
diff --git a/programs/ssl/test-ca/sslconf.txt b/programs/ssl/test-ca/sslconf.txt
index e7901b17f..81022d77e 100644
--- a/programs/ssl/test-ca/sslconf.txt
+++ b/programs/ssl/test-ca/sslconf.txt
@@ -25,29 +25,14 @@ policy = my_policy
x509_extensions = v3_usr
[ my_policy ]
-countryName = optional
-stateOrProvinceName = optional
+countryName = supplied
organizationName = match
-organizationalUnitName = optional
commonName = supplied
-emailAddress = optional
[ req ]
distinguished_name = my_req_dn
x509_extensions = v3_ca
-
-[ my_req_dn ]
-countryName = Country Name..............
-countryName_min = 2
-countryName_max = 2
-stateOrProvinceName = State or Province Name....
-localityName = Locality Name.............
-0.organizationName = Organization Name.........
-organizationalUnitName = Org. Unit Name............
-commonName = Common Name (required)....
-commonName_max = 64
-emailAddress = Email Address.............
-emailAddress_max = 64
+prompt = no
[ v3_ca ]
basicConstraints = CA:TRUE
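Review bot: With `prompt = no` the `[ req ]` section now takes the subject from literal `field=value` lines in `[ my_req_dn ]`, and the commonName is supplied only by the `CN=` line gen_test_ca.sh appends to a copy of this file; nothing in the config records that, and the removed `countryName_min`/`countryName_max` and `commonName_max` limits are, as far as I can tell from the OpenSSL `req` semantics, no longer applied in non-prompting mode, so the length checks are gone rather than merely relocated (worth confirming). A comment above `prompt = no`, `# Non-interactive: DN fields come from [ my_req_dn ]; gen_test_ca.sh appends CN=... to that section, so it must stay the last section in this file`, would capture the coupling. The tightened `[ my_policy ]` (`countryName = supplied`, `organizationName = match`, with the optional fields dropped) makes `openssl ca` refuse any request whose C is absent or whose O differs from the CA's, which looks intentional but deserves a one-line comment stating that it is the test-suite policy rather than an accident of the cleanup.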
@@ -59,3 +44,6 @@ basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
+[ my_req_dn ]
+C=NL
+O=PolarSSL