You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
62 lines
2.2 KiB
62 lines
2.2 KiB
4 months ago
|
#!/bin/bash
|
||
|
set -eu
|
||
|
|
||
|
target_dir="${1:-.}"
|
||
|
days=3650
|
||
|
rsa_bits=2048
|
||
|
org="httplib2-test"
|
||
|
server_cn="localhost"
|
||
|
subj_prefix="/C=ZZ/ST=./L=./O=$org/OU=."
|
||
|
|
||
|
main() {
|
||
|
cd "$target_dir"
|
||
|
gen
|
||
|
check
|
||
|
}
|
||
|
|
||
|
check() {
|
||
|
echo "- check keys" >&2
|
||
|
openssl rsa -in ca.key -check -noout
|
||
|
openssl rsa -in client.key -check -noout
|
||
|
openssl rsa -in client_encrypted.key -check -noout -passin pass:12345
|
||
|
openssl rsa -in server.key -check -noout
|
||
|
|
||
|
echo "- check certs" >&2
|
||
|
for f in *.pem ; do
|
||
|
openssl x509 -in "$f" -checkend 3600 -noout
|
||
|
done
|
||
|
}
|
||
|
|
||
|
gen() {
|
||
|
echo "- generate keys, if absent" >&2
|
||
|
[[ -f ca.key ]] || openssl genrsa -out ca.key $rsa_bits
|
||
|
[[ -f client.key ]] || openssl genrsa -out client.key $rsa_bits
|
||
|
[[ -f client_encrypted.key ]] || openssl rsa -in client.key -out client_encrypted.key -aes128 -passout pass:12345
|
||
|
[[ -f server.key ]] || openssl genrsa -out server.key $rsa_bits
|
||
|
|
||
|
echo "- generate CA" >&2
|
||
|
openssl req -batch -new -nodes -x509 -days $days -subj "$subj_prefix/CN=$org-CA" -key ca.key -out ca.pem
|
||
|
openssl req -batch -new -nodes -x509 -days $days -subj "$subj_prefix/CN=$org-CA-unused" -key ca.key -out ca_unused.pem
|
||
|
|
||
|
echo "- generate client cert" >&2
|
||
|
openssl req -batch -new -nodes -out tmp.csr -key client.key -subj "$subj_prefix/CN=$org-client"
|
||
|
openssl x509 -req -in tmp.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out client.crt -days $days -serial -fingerprint
|
||
|
cat client.crt client.key >client.pem
|
||
|
cat client.crt ca.pem client.key >client_chain.pem
|
||
|
|
||
|
echo "- generate encrypted client cert" >&2
|
||
|
openssl req -batch -new -nodes -out tmp.csr -key client_encrypted.key -passin pass:12345 -subj "$subj_prefix/CN=$org-client-enc"
|
||
|
openssl x509 -req -in tmp.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out client_encrypted.crt -days $days -serial -fingerprint
|
||
|
cat client_encrypted.crt client_encrypted.key >client_encrypted.pem
|
||
|
|
||
|
echo "- generate server cert" >&2
|
||
|
openssl req -batch -new -nodes -out tmp.csr -key server.key -subj "$subj_prefix/CN=$server_cn"
|
||
|
openssl x509 -req -in tmp.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.crt -days $days -serial -fingerprint
|
||
|
cat server.crt server.key >server.pem
|
||
|
cat server.crt ca.pem server.key >server_chain.pem
|
||
|
|
||
|
rm tmp.csr
|
||
|
}
|
||
|
|
||
|
main
|