Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/openssl/demos/certs/apps/mkacerts.sh
34877 views
1
#!/bin/sh

2


3
# Recreate the demo certificates in the apps directory.

4


5
opensslcmd() {

6
    LD_LIBRARY_PATH=../../.. ../../../apps/openssl $@

7
}

8


9
opensslcmd version

10


11
# Root CA: create certificate directly

12
CN="OpenSSL Test Root CA" opensslcmd req -config apps.cnf -x509 -nodes \

13
	-keyout root.pem -out root.pem -key rootkey.pem -new -days 3650

14
# Intermediate CA: request first

15
CN="OpenSSL Test Intermediate CA" opensslcmd req -config apps.cnf -nodes \

16
	-key intkey.pem -out intreq.pem -new

17
# Sign request: CA extensions

18
opensslcmd x509 -req -in intreq.pem -CA root.pem -CAkey rootkey.pem -days 3630 \

19
	-extfile apps.cnf -extensions v3_ca -CAcreateserial -out intca.pem

20
# Client certificate: request first

21
CN="Test Client Cert" opensslcmd req -config apps.cnf -nodes \

22
	-key ckey.pem -out creq.pem -new

23
# Sign using intermediate CA

24
opensslcmd x509 -req -in creq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \

25
	-extfile apps.cnf -extensions usr_cert -CAcreateserial | \

26
	opensslcmd x509 -nameopt oneline -subject -issuer >client.pem

27
# Server certificate: request first

28
CN="Test Server Cert" opensslcmd req -config apps.cnf -nodes \

29
	-key skey.pem -out sreq.pem -new

30
# Sign using intermediate CA

31
opensslcmd x509 -req -in sreq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \

32
	-extfile apps.cnf -extensions usr_cert -CAcreateserial | \

33
	opensslcmd x509 -nameopt oneline -subject -issuer >server.pem

34
# Server certificate #2: request first

35
CN="Test Server Cert #2" opensslcmd req -config apps.cnf -nodes \

36
	-key skey2.pem -out sreq2.pem -new

37
# Sign using intermediate CA

38
opensslcmd x509 -req -in sreq2.pem -CA intca.pem -CAkey intkey.pem -days 3600 \

39
	-extfile apps.cnf -extensions usr_cert -CAcreateserial | \

40
	opensslcmd x509 -nameopt oneline -subject -issuer >server2.pem

41


42
# Append keys to file.

43


44
cat skey.pem >>server.pem

45
cat skey2.pem >>server2.pem

46
cat ckey.pem >>client.pem

47


48
opensslcmd verify -CAfile root.pem -untrusted intca.pem \

49
				server2.pem server.pem client.pem

50


51