#!/bin/bash
# Generate some test certificates which are used by the regression test suite:
#
# tls/ca.{crt,key} Self-signed CA certificate.
# tls/atophttpd.{crt,key} A certificate with no key usage/policy restrictions.
# tls/client.{crt,key} A certificate restricted for SSL client usage.
# tls/server.{crt,key} A certificate restricted for SSL server usage.
# tls/atophttpd.dh DH Params file.
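#######################################
# Issue a leaf certificate signed by the test CA kept in tls/.
#
# An existing tls/<name>.key is reused; otherwise a 2048-bit RSA key is
# generated (no cipher option, so the key file is not passphrase-protected).
# The certificate itself is re-issued on every call and is valid for 365 days.
#
# Arguments:
#   $1 - base name; files written are tls/<name>.key and tls/<name>.crt
#   $2 - common name placed in the certificate subject
#   $3 - optional extra `openssl x509` options, given as one
#        whitespace-separated string (e.g. "-extfile F -extensions S")
# Returns:
#   status of the signing step (openssl x509), or the status of
#   `openssl genrsa` if key generation fails.
#######################################
generate_cert() {
  local name=$1
  local cn=$2
  local opts=${3-}
  local keyfile="tls/${name}.key"
  local certfile="tls/${name}.crt"
  local -a extra_opts=()

  # Split the option string into words without pathname expansion, so a
  # '*' or '?' inside an option value is passed to openssl literally.
  # read returns non-zero at end of input with -d ''; the array is still filled.
  read -r -d '' -a extra_opts <<< "$opts" || true

  # Keep an existing key so repeated runs do not rotate it; stop early when a
  # new key cannot be written, since signing would fail without it anyway.
  if [ ! -f "$keyfile" ]; then
    openssl genrsa -out "$keyfile" 2048 || return
  fi

  # The CSR is piped straight into the signing step; no .csr file is kept.
  openssl req \
    -new -sha256 \
    -subj "/O=Atophttpd Test/CN=$cn" \
    -key "$keyfile" \
    | openssl x509 \
      -req -sha256 \
      -CA tls/ca.crt \
      -CAkey tls/ca.key \
      -CAserial tls/ca.txt \
      -CAcreateserial \
      -days 365 \
      "${extra_opts[@]}" \
      -out "$certfile"
}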
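# Ask for the extra names the server certificate should be valid for.
# -r keeps backslashes in the typed value literal.
read -r -p "Enter DNS name: " DNS
read -r -p "Enter IP address: " IP

# localhost is always included. The answers are appended verbatim and end up
# unmodified in subjectAltName inside tls/openssl.cnf, so a value containing
# a comma yields additional SAN entries.
SAN="DNS:localhost"
if [ -n "$DNS" ]; then
  SAN="$SAN,DNS:$DNS"
fi
if [ -n "$IP" ]; then
  SAN="$SAN,IP:$IP"
fi

# All output goes to ./tls, relative to the current working directory.
mkdir -p tls || exit 1

# Test CA. The key is generated without a cipher option, i.e. it is stored
# without a passphrase: everything under tls/ is throw-away test material.
# An existing CA key is reused; the CA certificate is re-issued on every run.
# Each step aborts the script on failure so that later steps never sign with
# a missing or stale CA.
[ -f tls/ca.key ] || openssl genrsa -out tls/ca.key 4096 || exit 1
openssl req \
  -x509 -new -nodes -sha256 \
  -key tls/ca.key \
  -days 3650 \
  -subj '/O=Atophttpd Test/CN=Certificate Authority' \
  -out tls/ca.crt || exit 1

# Extension sections used when signing the server and client certificates.
# NOTE(review): usage is restricted through keyUsage and the legacy
# nsCertType extension only; no extendedKeyUsage is set. Confirm the test
# suite does not depend on EKU-based checks.
cat > tls/openssl.cnf <<_END_ || exit 1
[ server_cert ]
keyUsage = digitalSignature, keyEncipherment
nsCertType = server
subjectAltName = ${SAN}
[ client_cert ]
keyUsage = digitalSignature, keyEncipherment
nsCertType = client
_END_

# The generic certificate is signed without an extension file, so it carries
# neither the usage restrictions nor the subjectAltName written above.
generate_cert server "Server-only" "-extfile tls/openssl.cnf -extensions server_cert" || exit 1
generate_cert client "Client-only" "-extfile tls/openssl.cnf -extensions client_cert" || exit 1
generate_cert atophttpd "Generic-cert" || exit 1

# DH parameters are slow to generate, so an existing file is kept.
[ -f tls/atophttpd.dh ] || openssl dhparam -out tls/atophttpd.dh 2048 || exit 1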