diff options
Diffstat (limited to 'test/keys/keygen/make-serverkey.sh')
| -rw-r--r-- | test/keys/keygen/make-serverkey.sh | 131 |
1 files changed, 131 insertions, 0 deletions
diff --git a/test/keys/keygen/make-serverkey.sh b/test/keys/keygen/make-serverkey.sh new file mode 100644 index 000000000..618b0f45c --- /dev/null +++ b/test/keys/keygen/make-serverkey.sh @@ -0,0 +1,131 @@ +#!/bin/bash + +# tested with git bash on Windows +# probably needs a bit of tweaking for other environments + +# re the "//SKIP=this" in sub see at https://stackoverflow.com/a/54924640/499466 + +echo init folder +rm *.p12 2> /dev/null +rm *.pem 2> /dev/null +rm *.crt 2> /dev/null +rm *.key 2> /dev/null +rm *.cfg 2> /dev/null +rm *.csr 2> /dev/null + +#cp ../*.key . + +echo writing config +echo '[ req ]' > my.cfg +echo 'default_bits= 4096' >> my.cfg +echo 'distinguished_name=req' >> my.cfg +echo 'x509_extensions = v3_ca' >> my.cfg +echo 'req_extensions = v3_req' >> my.cfg +echo '' >> my.cfg +echo '[ v3_req ]' >> my.cfg +echo 'basicConstraints = CA:FALSE' >> my.cfg +echo 'keyUsage = nonRepudiation, digitalSignature, keyEncipherment' >> my.cfg +echo 'subjectAltName=@alternate_names' >> my.cfg +echo '' >> my.cfg +echo '[ alternate_names ]' >> my.cfg +echo 'IP.1=127.0.0.1' >> my.cfg +echo 'IP.2=::1' >> my.cfg +echo 'IP.3=::ffff:127.0.0.1' >> my.cfg +echo 'DNS.1=localhost' >> my.cfg +echo '' >> my.cfg +echo '[ v3_ca ]' >> my.cfg +echo 'subjectKeyIdentifier=hash' >> my.cfg +echo 'authorityKeyIdentifier=keyid:always,issuer' >> my.cfg +echo 'basicConstraints = critical, CA:TRUE, pathlen:0' >> my.cfg +echo 'keyUsage = critical, cRLSign, keyCertSign, nonRepudiation, digitalSignature, keyEncipherment' >> my.cfg +echo 'extendedKeyUsage = serverAuth, clientAuth' >> my.cfg +echo 'subjectAltName=@alternate_names' >> my.cfg +echo '' >> my.cfg + +echo +echo step 1a +winpty openssl req \ + -new \ + -x509 \ + -nodes \ + -days 3000 \ + -out server.crt \ + -keyout server.key \ + -subj '//SKIP=this/CN=localhost/emailAddress=dev@thrift.apache.org/OU=Apache Thrift/O=The Apache Software Foundation/L=Forest Hill/ST=Maryland/C=US' \ + -extensions v3_ca \ + -config my.cfg + +echo +echo step 1b +openssl x509 -in server.crt -text > CA.pem + +echo +echo step 1c +cat server.crt server.key > server.pem + +echo +echo step 2 +echo 'Use "thrift" as password (without the quotes)' +winpty openssl pkcs12 -export -clcerts -in server.crt -inkey server.key -out server.p12 + +echo +echo step 3 +winpty openssl genrsa -out client.key + + +echo +echo step 4 +winpty openssl req \ + -new \ + -subj '//SKIP=this/CN=localhost/emailAddress=dev@thrift.apache.org/OU=Apache Thrift/O=The Apache Software Foundation/L=Forest Hill/ST=Maryland/C=US' \ + -key client.key \ + -out client.csr + +echo +echo step 5 +winpty openssl x509 -req -days 3000 -in client.csr -CA CA.pem -CAkey server.key -set_serial 01 -out client.crt + + +echo +echo step 6 +winpty openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12 + + +echo +echo step 7 +winpty openssl pkcs12 -in client.p12 -out client.pem -clcerts + + +echo +echo step 8a +openssl genrsa -out client_v3.key + +echo +echo step 8b +winpty openssl req \ + -new \ + -subj '//SKIP=this/CN=localhost/emailAddress=dev@thrift.apache.org/OU=Apache Thrift/O=The Apache Software Foundation/L=Forest Hill/ST=Maryland/C=US' \ + -key client_v3.key \ + -out client_v3.csr \ + -extensions v3_req \ + -config my.cfg + + +echo +echo step 9 +winpty openssl x509 -req -days 3000 -in client_v3.csr -CA CA.pem -CAkey server.key -set_serial 01 -out client_v3.crt -extensions v3_req -extfile my.cfg + +echo +echo cleanup +rm *.cfg 2> /dev/null +rm *.csr 2> /dev/null + +echo +echo test +openssl s_client -connect localhost:9090 & +openssl s_server -accept 9090 -www + +echo +echo done + + |