|
1 # |
|
2 # Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 # All rights reserved. |
|
4 # This component and the accompanying materials are made available |
|
5 # under the terms of the License "Eclipse Public License v1.0" |
|
6 # which accompanies this distribution, and is available |
|
7 # at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 # |
|
9 # Initial Contributors: |
|
10 # Nokia Corporation - initial contribution. |
|
11 # |
|
12 # Contributors: |
|
13 # |
|
14 # Description: |
|
15 # Generate certs for testing OCSP against OpenSSL implementation |
|
16 # |
|
17 |
|
18 |
|
19 # address of the Root5 responder, needed for Authority Info Access cert |
|
20 my $ocspR5addr = "http://cam-ocsptest01.intra:19003"; |
|
21 |
|
22 # Address of the Apache server used for serving remote JAR files |
|
23 my $apacheaddr = "cam-ocsptest01.intra"; |
|
24 |
|
25 |
|
26 sub head(@) |
|
27 { |
|
28 my $src=shift(@_); |
|
29 my $dest=shift(@_); |
|
30 my $lines=shift(@_); |
|
31 |
|
32 open(IN,"< $src") or print("Can't open $src"); |
|
33 open(OUT,"> $dest") or print("Can't open $dest"); |
|
34 |
|
35 for (my $count=0; $count < $lines; $count++) |
|
36 { |
|
37 my $fline=<IN>; |
|
38 print OUT $fline; |
|
39 } |
|
40 close(IN); |
|
41 close(OUT); |
|
42 } |
|
43 |
|
44 sub createfile(@) |
|
45 { |
|
46 open(TOUCH,">shift(@_)"); |
|
47 close(TOUCH); |
|
48 } |
|
49 |
|
50 # Create ca files |
|
51 sub mkcadirs(@) |
|
52 { |
|
53 my $cadir=shift(@_); |
|
54 |
|
55 unlink($cadir); |
|
56 mkdir($cadir); |
|
57 open(TOUCH,">$cadir\\index.txt"); |
|
58 close(TOUCH); |
|
59 system("echo 01 > $cadir\\serial"); |
|
60 mkdir "$cadir\\private" ; |
|
61 mkdir "$cadir\\certs"; |
|
62 } |
|
63 |
|
64 |
|
65 |
|
66 |
|
67 |
|
68 # Trash existing data |
|
69 |
|
70 use File::Path; |
|
71 |
|
72 rmtree ("Root1",0,true); |
|
73 rmtree ("Root2",0,true); |
|
74 rmtree ("Root5",0,true); |
|
75 rmtree ("OCSPSigningRoot",0,true); |
|
76 rmtree ("Apache",0,true); |
|
77 rmtree ("Certs",0,true); |
|
78 mkdir "Certs"; |
|
79 |
|
80 |
|
81 |
|
82 ############################################################# |
|
83 ## OCSP Certificates for testing |
|
84 ## |
|
85 ## There are three roots for testing OCSP, Root1, Root2 and Root5 |
|
86 ## |
|
87 ############################################################# |
|
88 |
|
89 |
|
90 |
|
91 # Root1 ########################################################################## |
|
92 |
|
93 mkcadirs("Root1"); |
|
94 $cert_path = "$ENV{'SECURITYSOURCEDIR'}\\testframework\\testcertificates\\certman\\testcertificates"; |
|
95 |
|
96 # Generate root cert |
|
97 system("openssl req -extensions NoOCSP_Ext -config openssl.config -x509 -newkey rsa:1024 -keyout Root1\\private\\ca.key.pem -out Root1\\Certs\\ca.pem -subj \"/O=Symbian Software Ltd/CN=Root1-RSA\" -days 3650 -nodes"); |
|
98 system("openssl x509 -in $cert_path\\openssl\\Root1\\Certs\\ca.pem -outform DER -out $cert_path\\openssl\\Certs\\Root1-RSA.der"); |
|
99 |
|
100 # Generate Expired-R1 |
|
101 system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root1\\private\\Expired-R1.key.pem -out Root1\\Expired-R1.req.pem -subj \"/O=Symbian Software Ltd/CN=Expired-R1\" -days 3650 -nodes"); |
|
102 system("openssl ca -out $cert_path\\openssl\\Root1\\Certs\\Expired-R1.pem -config openssl.config -name Root1 -in $cert_path\\openssl\\Root1\\Expired-R1.req.pem -batch -startdate 820203120000Z -enddate 820203120001Z"); |
|
103 system("openssl x509 -in $cert_path\\openssl\\Root1\\Certs\\Expired-R1.pem -outform DER -out $cert_path\\openssl\\Certs\\Expired-R1.der"); |
|
104 |
|
105 # Generate Good-R1 |
|
106 system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root1\\private\\Good-R1.key.pem -out $cert_path\\openssl\\Root1\\Good-R1.req.pem -subj \"/O=Symbian Software Ltd/CN=Good-R1\" -days 3650 -nodes"); |
|
107 system("openssl ca -config openssl.config -out $cert_path\\openssl\\Root1\\Certs\\Good-R1.pem -name Root1 -in Root1\\Good-R1.req.pem -batch -days 3650"); |
|
108 system("openssl x509 -in $cert_path\\openssl\\Root1\\Certs\\Good-R1.pem -outform DER -out $cert_path\\openssl\\Certs\\Good-R1.der"); |
|
109 |
|
110 # Generate Revoked-R1 |
|
111 system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root1\\private\\Revoked-R1.key.pem -out $cert_path\\openssl\\Root1\\Revoked-R1.req.pem -subj \"/O=Symbian Software Ltd/CN=Revoked-R1\" -days 3650 -nodes"); |
|
112 system("openssl ca -out $cert_path\\openssl\\Root1\\Certs\\Revoked-R1.pem -config openssl.config -name Root1 -in $cert_path\\openssl\\Root1\\Revoked-R1.req.pem -batch -days 3650"); |
|
113 system("openssl x509 -in $cert_path\\openssl\\Root1\\Certs\\Revoked-R1.pem -outform DER -out $cert_path\\openssl\\Certs\\Revoked-R1.der"); |
|
114 system("openssl ca -config openssl.config -name Root1 -revoke $cert_path\\openssl\\Root1\\Certs\\Revoked-R1.pem -crl_reason keyCompromise"); |
|
115 |
|
116 # Generate Unknown-R1 |
|
117 system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root1\\private\\Unknown-R1.key.pem -out $cert_path\\openssl\\Root1\\Unknown-R1.req.pem -subj \"/O=Symbian Software Ltd/CN=Unknown-R1\" -days 3650 -nodes"); |
|
118 system("openssl ca -out $cert_path\\openssl\\Root1\\Certs\\Unknown-R1.pem -config openssl.config -name Root1 -in $cert_path\\openssl\\Root1\\Unknown-R1.req.pem -batch -days 3650"); |
|
119 system("openssl x509 -in $cert_path\\openssl\\Root1\\Certs\\Unknown-R1.pem -outform DER -out $cert_path\\openssl\\Certs\\Unknown-R1.der"); |
|
120 |
|
121 # remove Unknown-R1 from the CA |
|
122 rename("Root1\\index.txt","Root1\\index.txt.new"); |
|
123 head("Root1\\index.txt.new","Root1\\index.txt",3); |
|
124 unlink("Root1\\Certs\\Unknown-R1.pem.pem"); |
|
125 unlink("Root1\\index.txt.new"); |
|
126 |
|
127 # Generate OCSPSigner-R1 |
|
128 system("openssl req -extensions NoOCSP_Ext -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root1\\private\\OCSPSigner-R1.key.pem -out $cert_path\\openssl\\Root1\\OCSPSigner-R1.req.pem -subj \"/O=Symbian Software Ltd/CN=OCSPSigner-R1\" -days 3650 -nodes"); |
|
129 system("openssl ca -extensions NoOCSP_Ext -config openssl.config -name $cert_path\\openssl\\Root1 -in $cert_path\\openssl\\Root1\\OCSPSigner-R1.req.pem -batch -days 3650"); |
|
130 system("openssl x509 -in $cert_path\\openssl\\Root1\\Certs\\05.pem -outform DER -out $cert_path\\openssl\\Certs\\OCSPSigner-R1.der"); |
|
131 |
|
132 |
|
133 # Root2 ########################################################################## |
|
134 |
|
135 mkcadirs("Root2"); |
|
136 |
|
137 |
|
138 system("openssl dsaparam -out Root2\\dsaparam.pem 1024"); |
|
139 my $keyParams= "-newkey dsa:Root2\\dsaparam.pem"; |
|
140 |
|
141 # my $keyParams="-newkey rsa:1024"; |
|
142 |
|
143 |
|
144 |
|
145 # Generate root cert |
|
146 system("openssl req -extensions NoOCSP_Ext -config openssl.config -x509 $keyParams -keyout $cert_path\\openssl\\Root2\\private\\ca.key.pem -out $cert_path\\openssl\\Root2\\Certs\\ca.pem -subj \"/O=Symbian Software Ltd/CN=Root2-DSA\" -days 6000 -nodes"); |
|
147 system("openssl x509 -in $cert_path\\openssl\\Root2\\Certs\\ca.pem -outform DER -out $cert_path\\openssl\\Certs\\Root2-DSA.der"); |
|
148 |
|
149 # Generate Expired-R2 |
|
150 system("openssl req -config openssl.config $keyParams -keyout $cert_path\\openssl\\Root2\\private\\Expired-R2.key.pem -out $cert_path\\openssl\\Root2\\Expired-R2.req.pem -subj \"/O=Symbian Software Ltd/CN=Expired-R2\" -days 3650 -nodes"); |
|
151 system("openssl ca -config openssl.config -name Root2 -in $cert_path\\openssl\\Root2\\Expired-R2.req.pem -batch -out $cert_path\\openssl\\Root2\\Certs\\Expired-R2.pem -startdate 820203120000Z -enddate 820203120001Z"); |
|
152 system("openssl x509 -in Root2\\Certs\\Expired-R2.pem -outform DER -out $cert_path\\openssl\\Certs\\Expired-R2.der"); |
|
153 |
|
154 # Generate Good-R2 |
|
155 system("openssl req -config openssl.config $keyParams -keyout $cert_path\\openssl\\Root2\\private\\Good-R2.key.pem -out $cert_path\\openssl\\Root2\\Good-R2.req.pem -subj \"/O=Symbian Software Ltd/CN=Good-R2\" -days 3650 -nodes"); |
|
156 system("openssl ca -config openssl.config -name Root2 -in $cert_path\\openssl\\Root2\\Good-R2.req.pem -batch -days 3650"); |
|
157 system("openssl x509 -in $cert_path\\openssl\\Root2\\Certs\\02.pem -outform DER -out $cert_path\\openssl\\Certs\\Good-R2.der"); |
|
158 |
|
159 # Generate Revoked-R2 |
|
160 system("openssl req -config openssl.config $keyParams -keyout $cert_path\\openssl\\Root2\\private\\Revoked-R2.key.pem -out $cert_path\\openssl\\Root2\\Revoked-R2.req.pem -subj \"/O=Symbian Software Ltd/CN=Revoked-R2\" -days 3650 -nodes"); |
|
161 system("openssl ca -config openssl.config -name $cert_path\\openssl\\Root2 -in $cert_path\\openssl\\Root2\\Revoked-R2.req.pem -batch -days 3650"); |
|
162 system("openssl x509 -in $cert_path\\openssl\\Root2\\Certs\\03.pem -outform DER -out $cert_path\\openssl\\Certs\\Revoked-R2.der"); |
|
163 system("openssl ca -config openssl.config -name Root2 -revoke Root2\\Certs\\03.pem -crl_reason keyCompromise"); |
|
164 |
|
165 # Generate Unknown-R2 |
|
166 system("openssl req -config openssl.config $keyParams -keyout $cert_path\\openssl\\Root2\\private\\Unknown-R2.key.pem -out Root2\\Unknown-R2.req.pem -subj \"/O=Symbian Software Ltd/CN=Unknown-R2\" -days 3650 -nodes"); |
|
167 system("openssl ca -config openssl.config -name Root2 -in $cert_path\\openssl\\Root2\\Unknown-R2.req.pem -batch -days 3650"); |
|
168 system("openssl x509 -in Root2\\Certs\\04.pem -outform DER -out $cert_path\\openssl\\Certs\\Unknown-R2.der"); |
|
169 |
|
170 # remove Unknown-R2 from the CA |
|
171 rename("Root2\\index.txt","Root2\\index.txt.new"); |
|
172 head("Root2\\index.txt.new","Root2\\index.txt",3); |
|
173 unlink("Root2\\Certs\\04.pem"); |
|
174 |
|
175 |
|
176 # Generate OCSPSigner-R2 |
|
177 system("openssl req -extensions NoOCSP_Ext -config openssl.config $keyParams -keyout $cert_path\\openssl\\Root2\\private\\OCSPSigner-R2.key.pem -out $cert_path\\openssl\\Root2\\OCSPSigner-R2.req.pem -subj \"/O=Symbian Software Ltd/CN=OCSPSigner-R2\" -days 6000 -nodes"); |
|
178 system("openssl ca -extensions NoOCSP_Ext -config openssl.config -name $cert_path\\openssl\\Root2 -in $cert_path\\openssl\\Root2\\OCSPSigner-R2.req.pem -batch -days 6000"); |
|
179 system("openssl x509 -in $cert_path\\openssl\\Root2\\Certs\\05.pem -outform DER -out $cert_path\\openssl\\Certs\\OCSPSigner-R2.der"); |
|
180 |
|
181 |
|
182 # Root5 ########################################################################## |
|
183 |
|
184 mkcadirs("Root5"); |
|
185 |
|
186 # Generate root cert |
|
187 system("openssl req -extensions Root5_Root_Ext -config openssl.config -x509 -newkey rsa:1024 -keyout Root5\\private\\ca.key.pem -out Root5\\Certs\\ca.pem -subj \"/O=Symbian Software Ltd/CN=Root5-RSA\" -days 3650 -nodes"); |
|
188 system("openssl x509 -in $cert_path\\openssl\\Root5\\Certs\\ca.pem -outform DER -out $cert_path\\openssl\\Certs\\Root5-RSA.der"); |
|
189 |
|
190 # Generate Expired-R5 |
|
191 system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root5\\private\\Expired-R5.key.pem -out Root5\\Expired-R5.req.pem -subj \"/O=Symbian Software Ltd/CN=Expired-R5\" -days 3650 -nodes"); |
|
192 system("openssl ca -extensions Root5_Ext -config openssl.config -name Root5 -in Root5\\Expired-R5.req.pem -batch -startdate 820203120000Z -enddate 820203120001Z"); |
|
193 system("openssl x509 -in Root5\\Certs\\01.pem -outform DER -out $cert_path\\openssl\\Certs\\Expired-R5.der"); |
|
194 |
|
195 # Generate Good-R5 |
|
196 system("openssl req -config openssl.config -newkey rsa:1024 -keyout Root5\\private\\Good-R5.key.pem -out Root5\\Good-R5.req.pem -subj \"/O=Symbian Software Ltd/CN=Good-R5\" -days 3650 -nodes"); |
|
197 system("openssl ca -extensions Root5_Ext -config openssl.config -name Root5 -in Root5\\Good-R5.req.pem -batch -days 3650"); |
|
198 system("openssl x509 -in $cert_path\\openssl\\Root5\\Certs\\02.pem -outform DER -out $cert_path\\openssl\\Certs\\Good-R5.der"); |
|
199 |
|
200 # Generate Revoked-R5 |
|
201 system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root5\\private\\Revoked-R5.key.pem -out $cert_path\\openssl\\Root5\\Revoked-R5.req.pem -subj \"/O=Symbian Software Ltd/CN=Revoked-R5\" -days 3650 -nodes"); |
|
202 system("openssl ca -extensions Root5_Ext -config openssl.config -name Root5 -in $cert_path\\openssl\\Root5\\Revoked-R5.req.pem -batch -days 3650"); |
|
203 system("openssl x509 -in $cert_path\\openssl\\Root5\\Certs\\03.pem -outform DER -out $cert_path\\openssl\\Certs\\Revoked-R5.der"); |
|
204 system("openssl ca -config openssl.config -name Root5 -revoke $cert_path\\openssl\\Root5\\Certs\\03.pem -crl_reason keyCompromise"); |
|
205 |
|
206 # Generate Unknown-R5 |
|
207 system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root5\\private\\Unknown-R5.key.pem -out $cert_path\\openssl\\Root5\\Unknown-R5.req.pem -subj \"/O=Symbian Software Ltd/CN=Unknown-R5\" -days 3650 -nodes"); |
|
208 system("openssl ca -extensions Root5_Ext -config openssl.config -name Root5 -in $cert_path\\openssl\\Root5\\Unknown-R5.req.pem -batch -days 3650"); |
|
209 system("openssl x509 -in $cert_path\\openssl\\Root5\\Certs\\04.pem -outform DER -out $cert_path\\openssl\\Certs\\Unknown-R5.der"); |
|
210 |
|
211 # remove Unknown-R5 from the CA |
|
212 rename("Root5\\index.txt","Root5\\index.txt.new"); |
|
213 head("Root5\\index.txt.new","Root5\\index.txt",3); |
|
214 unlink("$cert_path\\openssl\\Root5\\Certs\\04.pem"); |
|
215 |
|
216 |
|
217 # Generate Mid-R5 |
|
218 system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root5\\private\\Mid-R5.key.pem -out $cert_path\\openssl\\Root5\\Mid-R5.req.pem -subj \"/O=Symbian Software Ltd/CN=Mid-R5\" -days 3650 -nodes"); |
|
219 system("openssl ca -extensions Root5_Mid -config openssl.config -name Root5 -in $cert_path\\openssl\\Root5\\Mid-R5.req.pem -batch -days 3650"); |
|
220 system("openssl x509 -in $cert_path\\openssl\\Root5\\Certs\\05.pem -outform DER -out $cert_path\\openssl\\Certs\\Mid-R5.der"); |
|
221 |
|
222 use File::Copy; |
|
223 |
|
224 copy("$cert_path\\openssl\\Root5\\private\\ca.key.pem","$cert_path\\openssl\\Root5-Mid\\Private\\Mid-R5.key.pem"); |
|
225 copy("$cert_path\\openssl\\Root5\\Certs\\05.pem","$cert_path\\openssl\\Root5-Mid\\Certs\\Mid-R5.pem"); |
|
226 |
|
227 system("openssl req -config openssl.config -extensions Root5_Mid_EE -newkey rsa:1024 -keyout $cert_path\\openssl\\Root5\\private\\Good-M5.key.pem -out $cert_path\\openssl\\Root5\\Good-M5.req.pem -subj \"/O=Symbian Software Ltd/CN=Good-M5\" -days 3650 -nodes"); |
|
228 system("openssl x509 -extfile Good-M5.extensions -req -in $cert_path\\openssl\\Root5\\Good-M5.req.pem -CA $cert_path\\openssl\\Root5\\certs\\05.pem -CAkey $cert_path\\openssl\\Root5\\private\\Mid-R5.key.pem -out $cert_path\\openssl\\Root5\\private\\Good-M5.cert.pem -CAserial Root5\\serial"); |
|
229 system("openssl x509 -in Root5\\private\\Good-M5.cert.pem -outform DER -out $cert_path\\openssl\\Certs\\Good-M5.der"); |
|
230 |
|
231 |
|
232 # Generate OCSPSigner-R5 |
|
233 system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root5\\private\\OCSPSigner-R5.key.pem -out $cert_path\\openssl\\Root5\\OCSPSigner-R5.req.pem -subj \"/O=Symbian Software Ltd/CN=OCSPSigner-R5\" -days 6000 -nodes"); |
|
234 system("openssl ca -extensions NoOCSP_Ext -config openssl.config -name $cert_path\\openssl\\Root5 -in $cert_path\\openssl\\Root5\\OCSPSigner-R5.req.pem -batch -days 6000"); |
|
235 system("openssl x509 -in $cert_path\\openssl\\Root5\\Certs\\07.pem -outform DER -out $cert_path\\openssl\\Certs\\OCSPSigner-R5.der"); |
|
236 |
|
237 |
|
238 #Generate GoodAIA-R5 cert, server specified in cert extension |
|
239 open(AIAEXT,">GoodAIA-R5.extension"); |
|
240 print AIAEXT "authorityInfoAccess = OCSP;URI:$ocspR5addr"; |
|
241 close(AIAEXT); |
|
242 |
|
243 system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root5\\private\\GoodAIA-R5.key.pem -out $cert_path\\openssl\\Root5\\GoodAIA-R5.req.pem -subj \"/O=Symbian Software Ltd/CN=GoodAIA-R5\" -days 3650 -nodes"); |
|
244 system("openssl ca -extfile GoodAIA-R5.extension -config openssl.config -name Root5 -in $cert_path\\openssl\\Root5\\GoodAIA-R5.req.pem -batch -days 3650"); |
|
245 system("openssl x509 -in $cert_path\\openssl\\Root5\\Certs\\08.pem -outform DER -out $cert_path\\openssl\\Certs\\GoodAIA-R5.der"); |
|
246 |
|
247 unlink "GoodAIA-R5.extension"; |
|
248 |
|
249 |
|
250 # Apache certificate stuff |
|
251 |
|
252 mkdir("Apache"); |
|
253 |
|
254 |
|
255 #Generate Apache-R5 cert, certificate used for SSL on apache server |
|
256 system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root5\\private\\Apache-R5.key.pem -out Root5\\Apache-R5.req.pem -subj \"/O=Symbian Software Ltd/CN=$apacheaddr\" -days 6000 -nodes"); |
|
257 system("openssl ca -config openssl.config -name Root5 -in $cert_path\\openssl\\Root5\\Apache-R5.req.pem -batch -days 6000"); |
|
258 system("openssl x509 -in $cert_path\\openssl\\Root5\\Certs\\09.pem -outform DER -out $cert_path\\openssl\\Certs\\Apache-R5.der"); |
|
259 |
|
260 copy("Root5\\Certs\\09.pem","$cert_path\\openssl\\Apache\\Apache-R5.pem"); |
|
261 copy("Root5\\private\\$cert_path\\openssl\\Apache-R5.key.pem","$cert_path\\openssl\\Apache\\Apache-R5.key.pem"); |
|
262 |
|
263 copy("$cert_path\\openssl\\Root5\\Certs\ca.pem","$cert_path\\openssl\\Apache\\Root5-RSA.pem"); |
|
264 |
|
265 |
|
266 # OCSPSigningRoot ########################################################################## |
|
267 |
|
268 mkcadirs("OCSPSigningRoot"); |
|
269 |
|
270 # Generate root cert |
|
271 system("openssl req -config openssl.config -x509 -newkey rsa:1024 -keyout $cert_path\\openssl\\OCSPSigningRoot\\private\\ca.key.pem -out $cert_path\\openssl\\OCSPSigningRoot\\Certs\\ca.pem -subj \"/O=Symbian Software Ltd/CN=OCSPSigningRoot-RSA\" -days 3650 -nodes"); |
|
272 system("openssl x509 -in $cert_path\\openssl\\OCSPSigningRoot\\Certs\\ca.pem -outform DER -out $cert_path\\openssl\\Certs\\OCSPSigningRoot-RSA.der"); |
|
273 |
|
274 # Generate Signer-OCSPR |
|
275 system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\OCSPSigningRoot\\private\\Signer-OCSPR.key.pem -out $cert_path\\openssl\\OCSPSigningRoot\\Signer-OCSPR.req.pem -subj \"/O=Symbian Software Ltd/CN=Signer-OCSPR\" -days 3650 -nodes"); |
|
276 system("openssl ca -config openssl.config -name OCSPSigningRoot -in $cert_path\\openssl\\OCSPSigningRoot\\Signer-OCSPR.req.pem -batch -days 3650"); |
|
277 system("openssl x509 -in $cert_path\\openssl\\OCSPSigningRoot\\Certs\\01.pem -outform DER -out $cert_path\\openssl\\Certs\\Signer-OCSPR.der"); |