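#!/bin/bash
#***************************************************************************
#                                  _   _ ____  _
#  Project                     ___| | | |  _ \| |
#                             / __| | | | |_) | |
#                            | (__| |_| |  _ <| |___
#                             \___|\___/|_| \_\_____|
#
# Copyright (C) EdelWeb for EdelKey and OpenEvidence
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# are also available at https://curl.se/docs/copyright.html.
#
# You may opt to use, copy, modify, merge, publish, distribute and/or sell
# copies of the Software, and permit persons to whom the Software is
# furnished to do so, under the terms of the COPYING file.
#
# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
# KIND, either express or implied.
#
# SPDX-License-Identifier: curl
#
###########################################################################

# genroot.sh <name>
#
# Generates an RSA key and a self-signed certificate from the OpenSSL
# configuration file <name>-ca.prm in the current directory.
#
# Files written (all in the current directory):
#   <name>-ca.key               RSA private key
#   <name>-ca.csr               certificate signing request
#   <name>-<serial>-ca.cacert   self-signed certificate (PEM)
#   <name>-ca.cacert            text dump + PEM of the certificate
#   <name>-ca.der               the certificate in DER form
#   <name>-ca.crt               text dump + PEM of the certificate
#
# NOTE(review): the key passphrase is the fixed string "secret", it is
# passed on the command line (visible in the process list), and genrsa is
# called without a cipher option, so the key file is written unencrypted.
# The serial number is derived from the clock and the PID and is therefore
# predictable. Treat the output as throwaway/test material, not as a CA
# that anything should trust in production.

# Prefer a locally built OpenSSL when one is installed in the usual place.
OPENSSL=openssl
if [ -f /usr/local/ssl/bin/openssl ]; then
  OPENSSL=/usr/local/ssl/bin/openssl
fi

usage() {
  echo "Usage is genroot.sh <name>"
}

# HOME is pointed at the working directory before openssl runs.
# NOTE(review): presumably so openssl's per-user files land here - confirm.
HOME=$(pwd)
cd "$HOME" || exit 1

KEYSIZE=2048
DURATION=6000
# The -sha256 option was introduced in OpenSSL 1.0.1
DIGESTALGO=-sha256

# Start from a known state; a NOTOK inherited from the environment must not
# make a valid invocation fail.
NOTOK=
PREFIX=$1
if [ -z "$PREFIX" ]; then
  echo "No configuration prefix" >&2
  NOTOK=1
elif [ ! -f "$PREFIX-ca.prm" ]; then
  echo "No configuration file $PREFIX-ca.prm" >&2
  NOTOK=1
fi

if [ -n "$NOTOK" ]; then
  echo "Sorry, I can't do that for you." >&2
  usage >&2
  # Report the failure to the caller instead of exiting with status 0.
  exit 1
fi

# Serial = (epoch seconds . last four digits of (epoch + shell PID)) - 1.
# The unescaped $$ is expanded by the shell, so perl sees this shell's PID.
GETSERIAL="\$t = time ;\$d = \$t . substr(\$t+$$ ,-4,4)-1;print \$d"
SERIAL=$(/usr/bin/env perl -e "$GETSERIAL")

# A missing perl would otherwise leave SERIAL empty and shift the openssl
# arguments below; refuse anything that is not a plain decimal number.
case "$SERIAL" in
  '' | *[!0-9]*)
    echo "Could not generate a serial number (is perl installed?)" >&2
    exit 1
    ;;
esac

# exit on first fail
set -e

echo "SERIAL=$SERIAL PREFIX=$PREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE"

# The echoed command masks the passphrase; the real one is the fixed string
# "secret". The key is created under a restrictive umask so that it is not
# readable by other local users.
echo "openssl genrsa -out $PREFIX-ca.key -passout XXX $KEYSIZE"
(
  umask 077
  "$OPENSSL" genrsa -out "$PREFIX-ca.key" -passout pass:secret "$KEYSIZE"
)

echo "openssl req -config $PREFIX-ca.prm -new -key $PREFIX-ca.key -out $PREFIX-ca.csr"
"$OPENSSL" req -config "$PREFIX-ca.prm" -new -key "$PREFIX-ca.key" \
  -out "$PREFIX-ca.csr" -passin pass:secret

# Self-sign the request; extensions are read from the same .prm file.
echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-ca.prm -days $DURATION -req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-$SERIAL-ca.cacert $DIGESTALGO "
"$OPENSSL" x509 -set_serial "$SERIAL" -extfile "$PREFIX-ca.prm" \
  -days "$DURATION" -req -signkey "$PREFIX-ca.key" -in "$PREFIX-ca.csr" \
  -out "$PREFIX-$SERIAL-ca.cacert" "$DIGESTALGO"

echo "openssl x509 -text -in $PREFIX-$SERIAL-ca.cacert -nameopt multiline > $PREFIX-ca.cacert "
"$OPENSSL" x509 -text -in "$PREFIX-$SERIAL-ca.cacert" -nameopt multiline \
  > "$PREFIX-ca.cacert"

echo "openssl x509 -in $PREFIX-ca.cacert -outform der -out $PREFIX-ca.der "
"$OPENSSL" x509 -in "$PREFIX-ca.cacert" -outform der -out "$PREFIX-ca.der"

echo "openssl x509 -in $PREFIX-ca.cacert -text -nameopt multiline > $PREFIX-ca.crt "
"$OPENSSL" x509 -in "$PREFIX-ca.cacert" -text -nameopt multiline \
  > "$PREFIX-ca.crt"

# Print the finished certificate for a visual check.
echo "openssl x509 -noout -text -in $PREFIX-ca.cacert -nameopt multiline"
"$OPENSSL" x509 -noout -text -in "$PREFIX-ca.cacert" -nameopt multiline

#$OPENSSL rsa -in ../keys/$PREFIX-ca.key -text -noout -pubout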