pkiutilities/ocsp/test/server/OpenSSL/generateCerts.sh
changeset 0 164170e6151a
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/pkiutilities/ocsp/test/server/OpenSSL/generateCerts.sh	Tue Jan 26 15:20:08 2010 +0200
@@ -0,0 +1,90 @@
+#!/bin/sh
+
+# Generate certs for testing OCSP against OpenSSL implementation
+#
+# There are two CAs:
+#   ca1 signs a responder cert which signs responses
+#   ca2 signs responses with its ca cert
+
+# Trash existing data
+rm -rf ca1 ca2 certs tmp
+mkdir ca1 ca2 certs tmp 
+
+# ca1 ##########################################################################
+
+# RSA keys, CA signed responder cert signed responses
+
+# Create ca files
+touch ca1/index.txt
+echo "01" > ca1/serial
+mkdir ca1/private
+mkdir ca1/certs
+
+# Generate root cert
+openssl req -x509 -newkey rsa:1024 -keyout ca1/private/cakey.pem -out ca1/cacert.pem -subj "/O=Symbian/CN=CA Root Cert" -days 3650 -nodes 
+openssl x509 -in ca1/cacert.pem -outform DER -out certs/ca1-root.der
+
+# Generate ocsp responder cert 
+openssl req -newkey rsa:1024 -keyout ca1/private/reskey.pem -out tmp/req.pem -subj "/O=Symbian/CN=CA OCSP Responder" -days 3650 -nodes
+openssl ca -config openssl.config -name ca1 -in tmp/req.pem -batch -days 3650
+openssl x509 -in ca1/certs/01.pem -outform DER -out certs/ca1-responder.der
+
+# Generate entity cert 1
+openssl req -newkey rsa:1024 -keyout tmp/key.pem -out tmp/req.pem -subj "/O=Symbian/CN=Entity Cert 1 (Good)" -days 3650 -nodes
+openssl ca -config openssl.config -name ca1 -in tmp/req.pem -batch -days 3650
+openssl x509 -in ca1/certs/02.pem -outform DER -out certs/ca1-entity1.der
+
+# Generate entity cert 2 and revoke it
+openssl req -newkey rsa:1024 -keyout tmp/key.pem -out tmp/req.pem -subj "/O=Symbian/CN=Entity Cert 2 (Revoked)" -days 3650 -nodes
+openssl ca -config openssl.config -name ca1 -in tmp/req.pem -batch -days 3650
+openssl x509 -in ca1/certs/03.pem -outform DER -out certs/ca1-entity2.der
+openssl ca -config openssl.config -name ca1 -revoke ca1/certs/03.pem -crl_reason keyCompromise
+
+# Generate entity cert 3 and then remove it from the ca
+openssl req -newkey rsa:1024 -keyout tmp/key.pem -out tmp/req.pem -subj "/O=Symbian/CN=Entity Cert 3 (Unknown)" -days 3650 -nodes
+openssl ca -config openssl.config -name ca1 -in tmp/req.pem -batch -days 3650
+openssl x509 -in ca1/certs/04.pem -outform DER -out certs/ca1-entity3.der
+mv ca1/index.txt tmp
+head -3 tmp/index.txt > ca1/index.txt
+rm ca1/certs/04.pem
+
+# ca2 ##########################################################################
+
+# DSA keys, CA cert signs responses
+
+# Create ca files
+touch ca2/index.txt
+echo "01" > ca2/serial
+mkdir ca2/private
+mkdir ca2/certs
+
+# Generate root cert
+openssl req -x509 -newkey rsa:1024 -keyout ca2/private/cakey.pem -out ca2/cacert.pem -subj "/O=Symbian/CN=CA Root Cert" -days 3650 -nodes 
+openssl x509 -in ca2/cacert.pem -outform DER -out certs/ca2-root.der
+
+# Generate entity cert 1
+openssl req -newkey rsa:1024 -keyout tmp/key.pem -out tmp/req.pem -subj "/O=Symbian/CN=Entity Cert 1 (Good)" -days 3650 -nodes
+openssl ca -config openssl.config -name ca2 -in tmp/req.pem -batch -days 3650
+openssl x509 -in ca2/certs/01.pem -outform DER -out certs/ca2-entity1.der
+
+# Generate entity cert 2 and revoke it
+openssl req -newkey rsa:1024 -keyout tmp/key.pem -out tmp/req.pem -subj "/O=Symbian/CN=Entity Cert 2 (Revoked)" -days 3650 -nodes
+openssl ca -config openssl.config -name ca2 -in tmp/req.pem -batch -days 3650
+openssl x509 -in ca2/certs/02.pem -outform DER -out certs/ca2-entity2.der
+openssl ca -config openssl.config -name ca2 -revoke ca2/certs/02.pem -crl_reason keyCompromise
+
+# Generate entity cert 3 and then remove it from the ca
+openssl req -newkey rsa:1024 -keyout tmp/key.pem -out tmp/req.pem -subj "/O=Symbian/CN=Entity Cert 3 (Unknown)" -days 3650 -nodes
+openssl ca -config openssl.config -name ca2 -in tmp/req.pem -batch -days 3650
+openssl x509 -in ca2/certs/03.pem -outform DER -out certs/ca2-entity3.der
+mv ca2/index.txt tmp
+head -2 tmp/index.txt > ca2/index.txt
+rm ca2/certs/03.pem
+
+# To use DSA instead of RSA, first generate DSA parameters:
+#   openssl dsaparam -out tmp/dsaparam.pem 1024
+# And use this in the newkey options
+#   openssl req -x509 -newkey dsa:tmp/dsaparam.pem ...
+
+# Tidy
+rm -rf tmp
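Review bot: The script runs under `#!/bin/sh` with no `set -e`, yet every `openssl ca` step depends on the previous one having produced the expected serial-numbered file (`ca1/certs/01.pem`, `02.pem`, …) and the `head -3` / `head -2` truncation of `index.txt` assumes exactly that many certs were issued, so one failed `openssl req` or `openssl ca` call silently yields a mismatched fixture set instead of stopping. Add `set -eu` on the line after the shebang so the first failure aborts the run. The ca2 section header reads `# DSA keys, CA cert signs responses`, but every `openssl req` in that block uses `-newkey rsa:1024`; either switch to `dsa:tmp/dsaparam.pem` as the trailing note describes or reword the header to `# RSA keys (see DSA note below), CA cert signs responses`. With `-days 3650` on a file dated 2010 in the diff header, the generated `certs/*.der` carry a fixed expiry and will need regenerating once they lapse, which is worth recording in the top comment block.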