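#!/bin/bash
# Generate a test certificate chain with $1 links:
#   CA-0          self-signed root CA (also gets a CRL, out/CA-0.crl)
#   CA-1 .. CA-k  intermediate CAs, each issued by the previous link
#   server-(N-1)  end-entity certificate for dns_name "localhost"
# Artifacts are written to ./out (removed and recreated on every run);
# ./out/chain is the concatenation of all certificates, leaf first;
# ./tmpl is the scratch certtool template and is left behind.
# Environment: CERTTOOL (certtool binary or wrapper command), EXEEXT
# (executable suffix), srcdir (accepted for the test harness, unused here).
# All certificates use expiration_days = -1, i.e. they never expire: they are
# fixtures for the test suite only.

set -u

# shellcheck disable=SC2034  # kept because the test harness exports/expects it
srcdir=${srcdir:-.}
CERTTOOL=${CERTTOOL:-../../../src/certtool${EXEEXT-}}
readonly OUTPUT=out
readonly TEMPLATE=tmpl

#######################################
# Print a message to stderr and exit with status 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

NUM=${1-}
if [[ -z "$NUM" ]]; then
  echo "usage: $0 number"
  exit 1
fi
# The link count is used in arithmetic below; reject anything else early
# instead of letting the loop bounds silently become garbage.
[[ "$NUM" =~ ^[0-9]+$ ]] || die "$0: number must be a non-negative integer, got '$NUM'"
readonly NUM
readonly LAST=$(( NUM - 1 ))

#######################################
# Print the name of chain link $1: the last link is the server
# certificate, every other link is a CA.
# Globals:   LAST (read)
# Arguments: $1 - zero-based link index
# Outputs:   link name on stdout, without trailing newline
#######################################
link_name() {
  local idx=$1
  if (( idx == LAST )); then
    printf 'server-%d' "$idx"
  else
    printf 'CA-%d' "$idx"
  fi
}

# Start from a clean output directory; OUTPUT is fixed, ":?" only guards
# against an accidental empty value ever reaching rm -rf.
rm -rf -- "${OUTPUT:?}"
mkdir -p -- "$OUTPUT" || die "cannot create directory $OUTPUT"

prev_name=
for (( counter = 0; counter < NUM; counter++ )); do
  name=$(link_name "$counter")
  serial=$counter
  key=$OUTPUT/$name.key
  crt=$OUTPUT/$name.crt

  # CERTTOOL is intentionally unquoted so it may carry a wrapper command
  # (the test harness may prefix the binary with a checker).
  # shellcheck disable=SC2086
  $CERTTOOL --generate-privkey >"$key" 2>/dev/null \
    || die "certtool: generating the private key for $name failed"

  if (( counter == 0 )); then
    # ROOT CA: self-signed, then a CRL signed with the same key.
    # Note: with NUM=1 the single link is named server-0 but still takes
    # this branch, so it becomes a self-signed CA certificate.
    {
      printf 'cn = %s\n' "$name"
      printf 'serial = %s\n' "$serial"
      printf 'ca\n'
      printf 'expiration_days = -1\n'
      printf 'cert_signing_key\n'
      printf 'crl_signing_key\n'
    } >"$TEMPLATE"
    # shellcheck disable=SC2086
    $CERTTOOL --generate-self-signed --load-privkey "$key" --outfile "$crt" \
      --template "$TEMPLATE" 2>/dev/null \
      || die "certtool: self-signing $name failed"

    # Minimal CRL template: only a serial and the (non-)expiry.
    {
      printf 'serial = %s\n' "$serial"
      printf 'expiration_days = -1\n'
    } >"$TEMPLATE"
    # shellcheck disable=SC2086
    $CERTTOOL --generate-crl --load-ca-privkey "$key" --load-ca-certificate "$crt" \
      --outfile "$OUTPUT/$name.crl" --template "$TEMPLATE" 2>/dev/null \
      || die "certtool: generating the CRL for $name failed"
  else
    if (( counter == LAST )); then
      # END certificate: TLS server for "localhost", no CA flag.
      {
        printf 'cn = %s\n' "$name"
        printf 'dns_name = localhost\n'
        printf 'expiration_days = -1\n'
        printf 'signing_key\n'
        printf 'encryption_key\n'
        printf 'tls_www_server\n'
      } >"$TEMPLATE"
    else
      # intermediate CA
      {
        printf 'cn = %s\n' "$name"
        printf 'serial = %s\n' "$serial"
        printf 'ca\n'
        printf 'expiration_days = -1\n'
        printf 'cert_signing_key\n'
        printf 'signing_key\n'
      } >"$TEMPLATE"
    fi
    # Both non-root links are issued by the previous link in the chain.
    # shellcheck disable=SC2086
    $CERTTOOL --generate-certificate --load-privkey "$key" \
      --load-ca-certificate "$OUTPUT/$prev_name.crt" \
      --load-ca-privkey "$OUTPUT/$prev_name.key" \
      --outfile "$crt" --template "$TEMPLATE" 2>/dev/null \
      || die "certtool: issuing $name from $prev_name failed"
  fi
  prev_name=$name
done

# Build the chain file leaf-first (server, then CAs up to the root).
for (( counter = LAST; counter >= 0; counter-- )); do
  name=$(link_name "$counter")
  cat -- "$OUTPUT/$name.crt" >>"$OUTPUT/chain" \
    || die "cannot append $name.crt to $OUTPUT/chain"
done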