From c76ab3bc40c10e1c062b2192d2ce03588ab325c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Wed, 26 Apr 2006 16:16:01 +0000
Subject: [PATCH] build proxy certificates
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17270 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/data/gen-req.sh | 75 ++++++++++++++++++++-------------------
 1 file changed, 39 insertions(+), 36 deletions(-)
diff --git a/lib/hx509/data/gen-req.sh b/lib/hx509/data/gen-req.sh
index 944f0ab18..156769f73 100644
--- a/lib/hx509/data/gen-req.sh
+++ b/lib/hx509/data/gen-req.sh
@@ -6,7 +6,7 @@ gen_cert()
 {
 openssl req \
 -new \
- -subj "/CN=$1/C=SE" \
+ -subj "$1" \
 -config openssl.cnf \
 -newkey rsa:1024 \
 -sha1 \
@@ -25,6 +25,23 @@ gen_cert()
 -out cert.crt
 ln -s ca.crt `openssl x509 -hash -noout -in cert.crt`.0
+
+ name=$3
+
+ elif [ "$3" = "proxy" ] ; then
+
+ openssl x509 \
+ -req \
+ -in cert.req \
+ -days 3650 \
+ -out cert.crt \
+ -CA $2.crt \
+ -CAkey $2.key \
+ -CAcreateserial \
+ -extfile openssl.cnf \
+ -extensions $4
+
+ name=$5
 else
 openssl ca \
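Review bot: In the first hunk, `-subj "$1"` changes gen_cert's first argument from a bare common name to a complete subject DN, and nothing in the script records that contract. A header comment above gen_cert would help, for example `# $1 subject DN ("/CN=name/C=SE"), $2 issuer base name, $3 output name or "proxy", $4 extension section, $5 output name when $3 is "proxy"`. The meaning given for $2 to $5 is inferred from the proxy branch and the call sites in this patch, so confirm it against the branches that fall outside the hunks. gen_cert's body starts before this hunk and ends after it.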
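Review bot: In the second hunk, the new `proxy` branch sets `name=$5` without checking that a fifth argument was passed, so a call that omits it leaves `name` empty and the later `mv cert.crt $name.crt` would write a file called `.crt`. `name=${5:?proxy output name missing}` makes that case fail loudly instead. The expansions in `-CA $2.crt`, `-CAkey $2.key` and `-extensions $4` are unquoted; `-CA "$2.crt"`, `-CAkey "$2.key"` and `-extensions "$4"` keep an argument containing whitespace or glob characters from being split into extra openssl options. The branch belongs to an if/else chain whose opening condition lies outside the hunk.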
@@ -37,54 +54,40 @@ gen_cert()
 -outdir . \
 -batch \
 -config openssl.cnf
+
+ name=$3
 fi
- mv cert.crt $3.crt
- mv out.key $3.key
+ mv cert.crt $name.crt
+ mv out.key $name.key
 }
 echo "01" > serial
 > index.txt
 rm -f *.0
-gen_cert "hx509 Test Root CA" "root" "ca" "v3_ca"
-gen_cert "OCSP responder" "ca" "ocsp-responder" "ocsp"
-gen_cert "Test cert" "ca" "test" "usr"
-gen_cert "Revoke cert" "ca" "revoke" "usr"
-gen_cert "Test cert KeyEncipherment" "ca" "test-ke-only" "usr_ke"
-gen_cert "Test cert DigitalSignature" "ca" "test-ds-only" "usr_ds"
-gen_cert "Sub CA" "ca" "sub-ca" "subca"
-gen_cert "Test sub cert" "sub-ca" "sub-cert" "usr"
+gen_cert "/CN=hx509 Test Root CA/C=SE" "root" "ca" "v3_ca"
+gen_cert "/CN=OCSP responder/C=SE" "ca" "ocsp-responder" "ocsp"
+gen_cert "/CN=Test cert/C=SE" "ca" "test" "usr"
+gen_cert "/CN=Revoke cert/C=SE" "ca" "revoke" "usr"
+gen_cert "/CN=Test cert KeyEncipherment/C=SE" "ca" "test-ke-only" "usr_ke"
+gen_cert "/CN=Test cert DigitalSignature/C=SE" "ca" "test-ds-only" "usr_ds"
+gen_cert "/CN=Sub CA/C=SE" "ca" "sub-ca" "subca"
+gen_cert "/CN=Test sub cert/C=SE" "sub-ca" "sub-cert" "usr"
+gen_cert "/CN=proxy/CN=Test cert/C=SE" "test" "proxy" "proxy_cert" proxy-test
+gen_cert "/CN=proxy2/CN=Test cert/C=SE" "proxy-test" "proxy" "proxy_cert" proxy-level-test
+gen_cert "/CN=no-proxy/CN=Test cert/C=SE" "test" "proxy" "usr_cert" no-proxy-test
+gen_cert "/CN=proxy10/CN=Test cert/C=SE" "test" "proxy" "proxy10_cert" proxy10-test
+gen_cert "/CN=proxy10-child/CN=Test cert/C=SE" "proxy10-test" "proxy" "proxy_cert" proxy10-child-test
+
+# combine
 cat sub-ca.crt ca.crt > sub-ca-combined.crt
-
 cat test.crt test.key > test.combined.crt
+
+# password protected key
 openssl rsa -in test.key -aes256 -passout pass:foobar -out test-pw.key
-openssl req -new \
- -subj "/CN=proxy/CN=Test cert/C=SE" \
- -newkey rsa:1024 \
- -sha1 \
- -nodes \
- -config openssl.cnf \
- -out proxy-test.req -keyout proxy-test.key
-
-openssl x509 -req -CAcreateserial -in proxy-test.req -days 7 \
- -out proxy-test.crt -CA test.crt -CAkey test.key \
- -extfile openssl.cnf -extensions proxy_cert
-
-openssl req -new \
- -subj "/CN=no-proxy/CN=Test cert/C=SE" \
- -newkey rsa:1024 \
- -sha1 \
- -nodes \
- -config openssl.cnf \
- -out no-proxy-test.req -keyout no-proxy-test.key
-
-openssl x509 -req -CAcreateserial -in no-proxy-test.req -days 7 \
- -out no-proxy-test.crt -CA test.crt -CAkey test.key \
- -extfile openssl.cnf -extensions usr_cert
-
 openssl ca \
 -name usr \