moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity

tests/certs/scripts: generate also CRL 

... and make it possible to do so without any user interaction
This commit is contained in:
Kamil Dudka 2010-05-27 23:33:19 +02:00
parent c03cbb38ad
commit 645bdd837a
3 changed files with 27 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
tests/certs/EdelCurlRoot-ca.cnf Normal file
View File

@ -0,0 +1,11 @@
[ ca ]
default_ca = EdelCurlRoot
[ EdelCurlRoot ]
database = EdelCurlRoot-ca.db
certificate = EdelCurlRoot-ca.crt
private_key = EdelCurlRoot-ca.key
crlnumber = EdelCurlRoot-ca.cnt
default_md = sha1
default_days = 365
default_crl_days = 30

7
tests/certs/scripts/genroot.sh
View File

@ -40,8 +40,11 @@ SERIAL=`/usr/bin/env perl -e "$GETSERIAL"`
echo SERIAL=$SERIAL PREFIX=$PREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE
echo "openssl req -config $PREFIX-ca.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-ca.key -out $PREFIX-ca.csr"
$OPENSSL req -config $PREFIX-ca.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-ca.key -out $PREFIX-ca.csr
echo "openssl genrsa -out $PREFIX-ca.key $KEYSIZE -passout XXX"
openssl genrsa -out $PREFIX-ca.key $KEYSIZE -passout pass:secret
echo "openssl req -config $PREFIX-ca.prm -new -key $PREFIX-ca.key -out $PREFIX-ca.csr"
$OPENSSL req -config $PREFIX-ca.prm -new -key $PREFIX-ca.key -out $PREFIX-ca.csr -passin pass:secret
echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-ca.prm -days $DURATION -req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-$SERIAL.ca-cacert -sha1 "

16
tests/certs/scripts/genserv.sh
View File

@ -39,7 +39,7 @@ if [ ".$CAPREFIX" = . ] ; then
NOTOK=1
else
if [ ! -f $CAPREFIX-ca.cacert ] ; then
echo No CA certficate file $PREFIX-ca.caert
echo No CA certficate file $CAPREFIX-ca.caert
NOTOK=1
fi
if [ ! -f $CAPREFIX-ca.key ] ; then
@ -74,7 +74,6 @@ fi
echo "openssl rsa -in $PREFIX-sv.key -out $PREFIX-sv.key"
$OPENSSL rsa -in $PREFIX-sv.key -out $PREFIX-sv.key -passin pass:secret
echo pseudo secrets generated
read
echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-sv.prm -days $DURATION -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in $PREFIX-sv.csr -req -out $PREFIX-sv.crt -text -nameopt multiline -sha1"
@ -85,16 +84,23 @@ if [ "$P12." = YES. ] ; then
echo "$OPENSSL pkcs12 -export -des3 -out $PREFIX-sv.p12 -caname $CAPREFIX -name $PREFIX -inkey $PREFIX-sv.key -in $PREFIX-sv.crt -certfile $CAPREFIX-ca.crt "
$OPENSSL pkcs12 -export -des3 -out $PREFIX-sv.p12 -caname $CAPREFIX -name $PREFIX -inkey $PREFIX-sv.key -in $PREFIX-sv.crt -certfile $CAPREFIX-ca.crt
read
fi
echo "openssl x509 -noout -text -hash -in $PREFIX-sv.selfcert -nameopt multiline"
$OPENSSL x509 -noout -text -hash -in $PREFIX-sv.crt -nameopt multiline
# revoke server cert
touch $CAPREFIX-ca.db
echo 01 > $CAPREFIX-ca.cnt
echo "openssl ca -config $CAPREFIX-ca.cnf -revoke $PREFIX-sv.crt"
$OPENSSL ca -config $CAPREFIX-ca.cnf -revoke $PREFIX-sv.crt
# issue CRL
echo "openssl ca -config $CAPREFIX-ca.cnf -gencrl -out $PREFIX-sv.crl"
$OPENSSL ca -config $CAPREFIX-ca.cnf -gencrl -out $PREFIX-sv.crl
echo "openssl x509 -in $PREFIX-sv.crt -outform der -out $PREFIX-sv.der "
$OPENSSL x509 -in $PREFIX-sv.crt -outform der -out $PREFIX-sv.der
read
# all together now
touch $PREFIX-sv.dhp