yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-30 17:21:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Enhanced generation CA script and config to further automate different actions

Browse source
This commit is contained in:
Paul Bakker 2009-02-09 21:06:41 +00:00
parent 3681b118ec
commit b29e23c586
2 changed files with 38 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
programs/ssl/test-ca/gen_test_ca.sh
View file

@ -4,9 +4,15 @@ rm -rf index newcerts/*.pem serial *.req *.key *.crt crl.prm
touch index touch index
echo "01" > serial echo "01" > serial
PASSWORD=PolarSSLTest
echo "Generating CA" echo "Generating CA"
openssl req -config sslconf.txt -days 3653 -x509 -newkey rsa:2048 \ cat sslconf.txt > sslconf_use.txt
-set_serial 0 -text -keyout test-ca.key -out test-ca.crt echo "CN=PolarSSL Test CA" >> sslconf_use.txt
openssl req -config sslconf_use.txt -days 3653 -x509 -newkey rsa:2048 \
-set_serial 0 -text -keyout test-ca.key -out test-ca.crt \
-passout pass:$PASSWORD
echo "Generating rest" echo "Generating rest"
openssl genrsa -out server1.key 2048 openssl genrsa -out server1.key 2048
@ -15,21 +21,33 @@ openssl genrsa -out client1.key 2048
openssl genrsa -out client2.key 2048 openssl genrsa -out client2.key 2048
echo "Generating requests" echo "Generating requests"
openssl req -config sslconf.txt -new -key server1.key -out server1.req cat sslconf.txt > sslconf_use.txt
openssl req -config sslconf.txt -new -key server2.key -out server2.req echo "CN=PolarSSL Server 1" >> sslconf_use.txt
openssl req -config sslconf.txt -new -key client1.key -out client1.req openssl req -config sslconf_use.txt -new -key server1.key -out server1.req
openssl req -config sslconf.txt -new -key client2.key -out client2.req
cat sslconf.txt > sslconf_use.txt
echo "CN=PolarSSL Server 2" >> sslconf_use.txt
openssl req -config sslconf_use.txt -new -key server2.key -out server2.req
cat sslconf.txt > sslconf_use.txt
echo "CN=PolarSSL Client 1" >> sslconf_use.txt
openssl req -config sslconf_use.txt -new -key client1.key -out client1.req
cat sslconf.txt > sslconf_use.txt
echo "CN=PolarSSL Client 2" >> sslconf_use.txt
openssl req -config sslconf_use.txt -new -key client2.key -out client2.req
echo "Signing requests" echo "Signing requests"
openssl ca -config sslconf.txt -in server1.req -out server1.crt for i in server1 server2 client1 client2;
openssl ca -config sslconf.txt -in server2.req -out server2.crt do
openssl ca -config sslconf.txt -in client1.req -out client1.crt openssl ca -config sslconf.txt -out $i.crt -passin pass:$PASSWORD \
openssl ca -config sslconf.txt -in client2.req -out client2.crt -batch -in $i.req
done
echo "Revoking firsts" echo "Revoking firsts"
openssl ca -config sslconf.txt -revoke server1.crt openssl ca -batch -config sslconf.txt -revoke server1.crt -passin pass:$PASSWORD
openssl ca -config sslconf.txt -revoke client1.crt openssl ca -batch -config sslconf.txt -revoke client1.crt -passin pass:$PASSWORD
openssl ca -config sslconf.txt -gencrl -out crl.pem openssl ca -batch -config sslconf.txt -gencrl -out crl.pem -passin pass:$PASSWORD
echo "Verifying second" echo "Verifying second"
openssl x509 -in server2.crt -text -noout openssl x509 -in server2.crt -text -noout
@ -39,6 +57,6 @@ rm ca_crl.pem
echo "Generating PKCS12" echo "Generating PKCS12"
openssl pkcs12 -export -in client2.crt -inkey client2.key \ openssl pkcs12 -export -in client2.crt -inkey client2.key \
-out client2.pfx -out client2.pfx -passout pass:$PASSWORD
rm *.old *.req rm *.old *.req sslconf_use.txt

22
programs/ssl/test-ca/sslconf.txt
View file

@ -25,29 +25,14 @@ policy = my_policy
x509_extensions = v3_usr x509_extensions = v3_usr
[ my_policy ] [ my_policy ]
countryName = optional countryName = supplied
stateOrProvinceName = optional
organizationName = match organizationName = match
organizationalUnitName = optional
commonName = supplied commonName = supplied
emailAddress = optional
[ req ] [ req ]
distinguished_name = my_req_dn distinguished_name = my_req_dn
x509_extensions = v3_ca x509_extensions = v3_ca
prompt = no
[ my_req_dn ]
countryName = Country Name..............
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name....
localityName = Locality Name.............
0.organizationName = Organization Name.........
organizationalUnitName = Org. Unit Name............
commonName = Common Name (required)....
commonName_max = 64
emailAddress = Email Address.............
emailAddress_max = 64
[ v3_ca ] [ v3_ca ]
basicConstraints = CA:TRUE basicConstraints = CA:TRUE
@ -59,3 +44,6 @@ basicConstraints = CA:FALSE
subjectKeyIdentifier = hash subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer authorityKeyIdentifier = keyid,issuer
[ my_req_dn ]
C=NL
O=PolarSSL