- Enhanced generation CA script and config to further automate different actions
This commit is contained in:
parent
3681b118ec
commit
b29e23c586
2 changed files with 38 additions and 32 deletions
|
@ -4,9 +4,15 @@ rm -rf index newcerts/*.pem serial *.req *.key *.crt crl.prm
|
|||
touch index
|
||||
echo "01" > serial
|
||||
|
||||
PASSWORD=PolarSSLTest
|
||||
|
||||
echo "Generating CA"
|
||||
openssl req -config sslconf.txt -days 3653 -x509 -newkey rsa:2048 \
|
||||
-set_serial 0 -text -keyout test-ca.key -out test-ca.crt
|
||||
cat sslconf.txt > sslconf_use.txt
|
||||
echo "CN=PolarSSL Test CA" >> sslconf_use.txt
|
||||
|
||||
openssl req -config sslconf_use.txt -days 3653 -x509 -newkey rsa:2048 \
|
||||
-set_serial 0 -text -keyout test-ca.key -out test-ca.crt \
|
||||
-passout pass:$PASSWORD
|
||||
|
||||
echo "Generating rest"
|
||||
openssl genrsa -out server1.key 2048
|
||||
|
@ -15,21 +21,33 @@ openssl genrsa -out client1.key 2048
|
|||
openssl genrsa -out client2.key 2048
|
||||
|
||||
echo "Generating requests"
|
||||
openssl req -config sslconf.txt -new -key server1.key -out server1.req
|
||||
openssl req -config sslconf.txt -new -key server2.key -out server2.req
|
||||
openssl req -config sslconf.txt -new -key client1.key -out client1.req
|
||||
openssl req -config sslconf.txt -new -key client2.key -out client2.req
|
||||
cat sslconf.txt > sslconf_use.txt
|
||||
echo "CN=PolarSSL Server 1" >> sslconf_use.txt
|
||||
openssl req -config sslconf_use.txt -new -key server1.key -out server1.req
|
||||
|
||||
cat sslconf.txt > sslconf_use.txt
|
||||
echo "CN=PolarSSL Server 2" >> sslconf_use.txt
|
||||
openssl req -config sslconf_use.txt -new -key server2.key -out server2.req
|
||||
|
||||
cat sslconf.txt > sslconf_use.txt
|
||||
echo "CN=PolarSSL Client 1" >> sslconf_use.txt
|
||||
openssl req -config sslconf_use.txt -new -key client1.key -out client1.req
|
||||
|
||||
cat sslconf.txt > sslconf_use.txt
|
||||
echo "CN=PolarSSL Client 2" >> sslconf_use.txt
|
||||
openssl req -config sslconf_use.txt -new -key client2.key -out client2.req
|
||||
|
||||
echo "Signing requests"
|
||||
openssl ca -config sslconf.txt -in server1.req -out server1.crt
|
||||
openssl ca -config sslconf.txt -in server2.req -out server2.crt
|
||||
openssl ca -config sslconf.txt -in client1.req -out client1.crt
|
||||
openssl ca -config sslconf.txt -in client2.req -out client2.crt
|
||||
for i in server1 server2 client1 client2;
|
||||
do
|
||||
openssl ca -config sslconf.txt -out $i.crt -passin pass:$PASSWORD \
|
||||
-batch -in $i.req
|
||||
done
|
||||
|
||||
echo "Revoking firsts"
|
||||
openssl ca -config sslconf.txt -revoke server1.crt
|
||||
openssl ca -config sslconf.txt -revoke client1.crt
|
||||
openssl ca -config sslconf.txt -gencrl -out crl.pem
|
||||
openssl ca -batch -config sslconf.txt -revoke server1.crt -passin pass:$PASSWORD
|
||||
openssl ca -batch -config sslconf.txt -revoke client1.crt -passin pass:$PASSWORD
|
||||
openssl ca -batch -config sslconf.txt -gencrl -out crl.pem -passin pass:$PASSWORD
|
||||
|
||||
echo "Verifying second"
|
||||
openssl x509 -in server2.crt -text -noout
|
||||
|
@ -39,6 +57,6 @@ rm ca_crl.pem
|
|||
|
||||
echo "Generating PKCS12"
|
||||
openssl pkcs12 -export -in client2.crt -inkey client2.key \
|
||||
-out client2.pfx
|
||||
-out client2.pfx -passout pass:$PASSWORD
|
||||
|
||||
rm *.old *.req
|
||||
rm *.old *.req sslconf_use.txt
|
||||
|
|
|
@ -25,29 +25,14 @@ policy = my_policy
|
|||
x509_extensions = v3_usr
|
||||
|
||||
[ my_policy ]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
countryName = supplied
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[ req ]
|
||||
distinguished_name = my_req_dn
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[ my_req_dn ]
|
||||
countryName = Country Name..............
|
||||
countryName_min = 2
|
||||
countryName_max = 2
|
||||
stateOrProvinceName = State or Province Name....
|
||||
localityName = Locality Name.............
|
||||
0.organizationName = Organization Name.........
|
||||
organizationalUnitName = Org. Unit Name............
|
||||
commonName = Common Name (required)....
|
||||
commonName_max = 64
|
||||
emailAddress = Email Address.............
|
||||
emailAddress_max = 64
|
||||
prompt = no
|
||||
|
||||
[ v3_ca ]
|
||||
basicConstraints = CA:TRUE
|
||||
|
@ -59,3 +44,6 @@ basicConstraints = CA:FALSE
|
|||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
|
||||
[ my_req_dn ]
|
||||
C=NL
|
||||
O=PolarSSL
|
||||
|
|
Loading…
Reference in a new issue