Mercurial Mercurial > oss > MCL > sf > os > security / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
cryptoservices/certificateandkeymgmt/testcertificates/openssl/generateCerts.pl
changeset 0 2c201484c85f
child 8 35751d3474b7
equal deleted inserted replaced
-1:000000000000 0:2c201484c85f 
       
     1 #
 
       
     2 # Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
 
       
     3 # All rights reserved.
 
       
     4 # This component and the accompanying materials are made available
 
       
     5 # under the terms of the License "Eclipse Public License v1.0"
 
       
     6 # which accompanies this distribution, and is available
 
       
     7 # at the URL "http://www.eclipse.org/legal/epl-v10.html".
 
       
     8 #
 
       
     9 # Initial Contributors:
 
       
    10 # Nokia Corporation - initial contribution.
 
       
    11 #
 
       
    12 # Contributors:
 
       
    13 #
 
       
    14 # Description: 
       
    15 # Generate certs for testing OCSP against OpenSSL implementation
 
       
    16 #
 
       
    17 
       
    18 
       
    19 # address of the Root5 responder, needed for Authority Info Access cert
 
       
    20 my $ocspR5addr = "http://cam-ocsptest01.intra:19003"; 
       
    21 
       
    22 # Address of the Apache server used for serving remote JAR files
 
       
    23 my $apacheaddr = "cam-ocsptest01.intra";
 
       
    24 
       
    25 
       
    26 sub head(@)
 
       
    27 {
 
       
    28 	my $src=shift(@_);
 
       
    29 	my $dest=shift(@_);
 
       
    30 	my $lines=shift(@_);
 
       
    31 
       
    32 	open(IN,"< $src")  or print("Can't open $src");
 
       
    33 	open(OUT,"> $dest") or print("Can't open $dest");
 
       
    34 	 
       
    35 	for (my $count=0; $count < $lines; $count++)
 
       
    36 	{
 
       
    37 		my $fline=<IN>;
 
       
    38 		print OUT $fline;
 
       
    39 	}
 
       
    40 	close(IN);
 
       
    41 	close(OUT);
 
       
    42 }
 
       
    43 
       
    44 sub createfile(@)
 
       
    45 {
 
       
    46 	open(TOUCH,">shift(@_)");
 
       
    47 	close(TOUCH);
 
       
    48 }
 
       
    49 
       
    50 # Create ca files
 
       
    51 sub mkcadirs(@)
 
       
    52 {
 
       
    53 	my $cadir=shift(@_);
 
       
    54 
       
    55 	unlink($cadir);
 
       
    56 	mkdir($cadir);
 
       
    57 	open(TOUCH,">$cadir\\index.txt");
 
       
    58 	close(TOUCH);
 
       
    59 	system("echo 01 > $cadir\\serial");
 
       
    60 	mkdir "$cadir\\private" ;
 
       
    61 	mkdir "$cadir\\certs";
 
       
    62 }
 
       
    63 
       
    64 
       
    65 
       
    66 
       
    67 
       
    68 # Trash existing data
 
       
    69 
       
    70 use File::Path;
 
       
    71 
       
    72 rmtree ("Root1",0,true);
 
       
    73 rmtree ("Root2",0,true);
 
       
    74 rmtree ("Root5",0,true);
 
       
    75 rmtree ("OCSPSigningRoot",0,true);
 
       
    76 rmtree ("Apache",0,true);
 
       
    77 rmtree ("Certs",0,true);
 
       
    78 mkdir "Certs";
 
       
    79 
       
    80 	 
       
    81 
       
    82 #############################################################
 
       
    83 ## OCSP	Certificates for testing
 
       
    84 ##
 
       
    85 ## There are three roots for testing OCSP, Root1, Root2 and Root5
 
       
    86 ##
 
       
    87 #############################################################
 
       
    88 
       
    89 
       
    90 
       
    91 # Root1 ##########################################################################
 
       
    92 
       
    93 mkcadirs("Root1");
 
       
    94 $cert_path = "$ENV{'SECURITYSOURCEDIR'}\\testframework\\testcertificates\\certman\\testcertificates";
 
       
    95   
       
    96 # Generate root cert
 
       
    97 system("openssl req -extensions NoOCSP_Ext -config openssl.config -x509 -newkey rsa:1024 -keyout Root1\\private\\ca.key.pem -out Root1\\Certs\\ca.pem -subj \"/O=Symbian Software Ltd/CN=Root1-RSA\" -days 3650 -nodes"); 
       
    98 system("openssl x509 -in $cert_path\\openssl\\Root1\\Certs\\ca.pem -outform DER -out $cert_path\\openssl\\Certs\\Root1-RSA.der");
 
       
    99 
       
   100 # Generate Expired-R1
 
       
   101 system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root1\\private\\Expired-R1.key.pem -out Root1\\Expired-R1.req.pem -subj \"/O=Symbian Software Ltd/CN=Expired-R1\" -days 3650 -nodes");
 
       
   102 system("openssl ca  -out $cert_path\\openssl\\Root1\\Certs\\Expired-R1.pem -config openssl.config -name Root1 -in $cert_path\\openssl\\Root1\\Expired-R1.req.pem -batch -startdate 820203120000Z -enddate 820203120001Z");
 
       
   103 system("openssl x509 -in $cert_path\\openssl\\Root1\\Certs\\Expired-R1.pem -outform DER -out $cert_path\\openssl\\Certs\\Expired-R1.der");
 
       
   104 
       
   105 # Generate Good-R1
 
       
   106 system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root1\\private\\Good-R1.key.pem -out $cert_path\\openssl\\Root1\\Good-R1.req.pem -subj \"/O=Symbian Software Ltd/CN=Good-R1\" -days 3650 -nodes");
 
       
   107 system("openssl ca  -config openssl.config -out $cert_path\\openssl\\Root1\\Certs\\Good-R1.pem -name Root1 -in Root1\\Good-R1.req.pem -batch -days 3650");
 
       
   108 system("openssl x509 -in $cert_path\\openssl\\Root1\\Certs\\Good-R1.pem -outform DER -out $cert_path\\openssl\\Certs\\Good-R1.der");
 
       
   109 
       
   110 # Generate Revoked-R1
 
       
   111 system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root1\\private\\Revoked-R1.key.pem -out $cert_path\\openssl\\Root1\\Revoked-R1.req.pem -subj \"/O=Symbian Software Ltd/CN=Revoked-R1\" -days 3650 -nodes");
 
       
   112 system("openssl ca  -out $cert_path\\openssl\\Root1\\Certs\\Revoked-R1.pem -config openssl.config -name Root1 -in $cert_path\\openssl\\Root1\\Revoked-R1.req.pem -batch -days 3650");
 
       
   113 system("openssl x509 -in $cert_path\\openssl\\Root1\\Certs\\Revoked-R1.pem -outform DER -out $cert_path\\openssl\\Certs\\Revoked-R1.der");
 
       
   114 system("openssl ca -config openssl.config -name Root1 -revoke $cert_path\\openssl\\Root1\\Certs\\Revoked-R1.pem -crl_reason keyCompromise");
 
       
   115 
       
   116 # Generate Unknown-R1
 
       
   117 system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root1\\private\\Unknown-R1.key.pem -out $cert_path\\openssl\\Root1\\Unknown-R1.req.pem -subj \"/O=Symbian Software Ltd/CN=Unknown-R1\" -days 3650 -nodes");
 
       
   118 system("openssl ca  -out $cert_path\\openssl\\Root1\\Certs\\Unknown-R1.pem -config openssl.config -name Root1 -in $cert_path\\openssl\\Root1\\Unknown-R1.req.pem -batch -days 3650");
 
       
   119 system("openssl x509 -in $cert_path\\openssl\\Root1\\Certs\\Unknown-R1.pem -outform DER -out $cert_path\\openssl\\Certs\\Unknown-R1.der");
 
       
   120 
       
   121 # remove Unknown-R1 from the CA
 
       
   122 rename("Root1\\index.txt","Root1\\index.txt.new");
 
       
   123 head("Root1\\index.txt.new","Root1\\index.txt",3);
 
       
   124 unlink("Root1\\Certs\\Unknown-R1.pem.pem");
 
       
   125 unlink("Root1\\index.txt.new");
 
       
   126 
       
   127 # Generate OCSPSigner-R1
 
       
   128 system("openssl req -extensions NoOCSP_Ext -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root1\\private\\OCSPSigner-R1.key.pem -out $cert_path\\openssl\\Root1\\OCSPSigner-R1.req.pem -subj \"/O=Symbian Software Ltd/CN=OCSPSigner-R1\" -days 3650 -nodes");
 
       
   129 system("openssl ca  -extensions NoOCSP_Ext -config openssl.config -name $cert_path\\openssl\\Root1 -in $cert_path\\openssl\\Root1\\OCSPSigner-R1.req.pem -batch -days 3650");
 
       
   130 system("openssl x509 -in $cert_path\\openssl\\Root1\\Certs\\05.pem -outform DER -out $cert_path\\openssl\\Certs\\OCSPSigner-R1.der");
 
       
   131 
       
   132 
       
   133 # Root2 ##########################################################################
 
       
   134 
       
   135 mkcadirs("Root2");
 
       
   136 
       
   137 
       
   138 system("openssl dsaparam -out Root2\\dsaparam.pem 1024");
 
       
   139 my $keyParams= "-newkey dsa:Root2\\dsaparam.pem";
 
       
   140 
       
   141 # my $keyParams="-newkey rsa:1024";
 
       
   142 
       
   143 
       
   144   
       
   145 # Generate root cert
 
       
   146 system("openssl req -extensions NoOCSP_Ext -config openssl.config -x509 $keyParams -keyout $cert_path\\openssl\\Root2\\private\\ca.key.pem -out $cert_path\\openssl\\Root2\\Certs\\ca.pem -subj \"/O=Symbian Software Ltd/CN=Root2-DSA\" -days 6000 -nodes"); 
       
   147 system("openssl x509 -in $cert_path\\openssl\\Root2\\Certs\\ca.pem -outform DER -out $cert_path\\openssl\\Certs\\Root2-DSA.der");
 
       
   148 
       
   149 # Generate Expired-R2
 
       
   150 system("openssl req -config openssl.config $keyParams -keyout $cert_path\\openssl\\Root2\\private\\Expired-R2.key.pem -out $cert_path\\openssl\\Root2\\Expired-R2.req.pem -subj \"/O=Symbian Software Ltd/CN=Expired-R2\" -days 3650 -nodes");
 
       
   151 system("openssl ca  -config openssl.config -name Root2 -in $cert_path\\openssl\\Root2\\Expired-R2.req.pem -batch -out $cert_path\\openssl\\Root2\\Certs\\Expired-R2.pem -startdate 820203120000Z -enddate 820203120001Z");
 
       
   152 system("openssl x509 -in Root2\\Certs\\Expired-R2.pem -outform DER -out $cert_path\\openssl\\Certs\\Expired-R2.der");
 
       
   153 
       
   154 # Generate Good-R2
 
       
   155 system("openssl req -config openssl.config $keyParams -keyout $cert_path\\openssl\\Root2\\private\\Good-R2.key.pem -out $cert_path\\openssl\\Root2\\Good-R2.req.pem -subj \"/O=Symbian Software Ltd/CN=Good-R2\" -days 3650 -nodes");
 
       
   156 system("openssl ca  -config openssl.config -name Root2 -in $cert_path\\openssl\\Root2\\Good-R2.req.pem -batch -days 3650");
 
       
   157 system("openssl x509 -in $cert_path\\openssl\\Root2\\Certs\\02.pem -outform DER -out $cert_path\\openssl\\Certs\\Good-R2.der");
 
       
   158 
       
   159 # Generate Revoked-R2
 
       
   160 system("openssl req -config openssl.config $keyParams -keyout $cert_path\\openssl\\Root2\\private\\Revoked-R2.key.pem -out $cert_path\\openssl\\Root2\\Revoked-R2.req.pem -subj \"/O=Symbian Software Ltd/CN=Revoked-R2\" -days 3650 -nodes");
 
       
   161 system("openssl ca  -config openssl.config -name $cert_path\\openssl\\Root2 -in $cert_path\\openssl\\Root2\\Revoked-R2.req.pem -batch -days 3650");
 
       
   162 system("openssl x509 -in $cert_path\\openssl\\Root2\\Certs\\03.pem -outform DER -out $cert_path\\openssl\\Certs\\Revoked-R2.der");
 
       
   163 system("openssl ca -config openssl.config -name Root2 -revoke Root2\\Certs\\03.pem -crl_reason keyCompromise");
 
       
   164 
       
   165 # Generate Unknown-R2
 
       
   166 system("openssl req -config openssl.config $keyParams -keyout $cert_path\\openssl\\Root2\\private\\Unknown-R2.key.pem -out Root2\\Unknown-R2.req.pem -subj \"/O=Symbian Software Ltd/CN=Unknown-R2\" -days 3650 -nodes");
 
       
   167 system("openssl ca  -config openssl.config -name Root2 -in $cert_path\\openssl\\Root2\\Unknown-R2.req.pem -batch -days 3650");
 
       
   168 system("openssl x509 -in Root2\\Certs\\04.pem -outform DER -out $cert_path\\openssl\\Certs\\Unknown-R2.der");
 
       
   169 
       
   170 # remove Unknown-R2 from the CA
 
       
   171 rename("Root2\\index.txt","Root2\\index.txt.new");
 
       
   172 head("Root2\\index.txt.new","Root2\\index.txt",3);
 
       
   173 unlink("Root2\\Certs\\04.pem");
 
       
   174 
       
   175 
       
   176 # Generate OCSPSigner-R2
 
       
   177 system("openssl req -extensions NoOCSP_Ext -config openssl.config $keyParams -keyout $cert_path\\openssl\\Root2\\private\\OCSPSigner-R2.key.pem -out $cert_path\\openssl\\Root2\\OCSPSigner-R2.req.pem -subj \"/O=Symbian Software Ltd/CN=OCSPSigner-R2\" -days 6000 -nodes");
 
       
   178 system("openssl ca  -extensions NoOCSP_Ext -config openssl.config -name $cert_path\\openssl\\Root2 -in $cert_path\\openssl\\Root2\\OCSPSigner-R2.req.pem -batch -days 6000");
 
       
   179 system("openssl x509 -in $cert_path\\openssl\\Root2\\Certs\\05.pem -outform DER -out $cert_path\\openssl\\Certs\\OCSPSigner-R2.der");
 
       
   180 
       
   181 
       
   182 # Root5 ##########################################################################
 
       
   183 
       
   184 mkcadirs("Root5");
 
       
   185   
       
   186 # Generate root cert
 
       
   187 system("openssl req -extensions Root5_Root_Ext -config openssl.config -x509 -newkey rsa:1024 -keyout Root5\\private\\ca.key.pem -out Root5\\Certs\\ca.pem -subj \"/O=Symbian Software Ltd/CN=Root5-RSA\" -days 3650 -nodes"); 
       
   188 system("openssl x509 -in $cert_path\\openssl\\Root5\\Certs\\ca.pem -outform DER -out $cert_path\\openssl\\Certs\\Root5-RSA.der");
 
       
   189 
       
   190 # Generate Expired-R5
 
       
   191 system("openssl req  -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root5\\private\\Expired-R5.key.pem -out Root5\\Expired-R5.req.pem -subj \"/O=Symbian Software Ltd/CN=Expired-R5\" -days 3650 -nodes");
 
       
   192 system("openssl ca  -extensions Root5_Ext -config openssl.config -name Root5 -in Root5\\Expired-R5.req.pem -batch -startdate 820203120000Z -enddate 820203120001Z");
 
       
   193 system("openssl x509 -in Root5\\Certs\\01.pem -outform DER -out $cert_path\\openssl\\Certs\\Expired-R5.der");
 
       
   194 
       
   195 # Generate Good-R5
 
       
   196 system("openssl req -config openssl.config -newkey rsa:1024 -keyout Root5\\private\\Good-R5.key.pem -out Root5\\Good-R5.req.pem -subj \"/O=Symbian Software Ltd/CN=Good-R5\" -days 3650 -nodes");
 
       
   197 system("openssl ca  -extensions Root5_Ext -config openssl.config -name Root5 -in Root5\\Good-R5.req.pem -batch -days 3650");
 
       
   198 system("openssl x509 -in $cert_path\\openssl\\Root5\\Certs\\02.pem -outform DER -out $cert_path\\openssl\\Certs\\Good-R5.der");
 
       
   199 
       
   200 # Generate Revoked-R5
 
       
   201 system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root5\\private\\Revoked-R5.key.pem -out $cert_path\\openssl\\Root5\\Revoked-R5.req.pem -subj \"/O=Symbian Software Ltd/CN=Revoked-R5\" -days 3650 -nodes");
 
       
   202 system("openssl ca  -extensions Root5_Ext -config openssl.config -name Root5 -in $cert_path\\openssl\\Root5\\Revoked-R5.req.pem -batch -days 3650");
 
       
   203 system("openssl x509 -in $cert_path\\openssl\\Root5\\Certs\\03.pem -outform DER -out $cert_path\\openssl\\Certs\\Revoked-R5.der");
 
       
   204 system("openssl ca -config openssl.config -name Root5 -revoke $cert_path\\openssl\\Root5\\Certs\\03.pem -crl_reason keyCompromise");
 
       
   205 
       
   206 # Generate Unknown-R5
 
       
   207 system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root5\\private\\Unknown-R5.key.pem -out $cert_path\\openssl\\Root5\\Unknown-R5.req.pem -subj \"/O=Symbian Software Ltd/CN=Unknown-R5\" -days 3650 -nodes");
 
       
   208 system("openssl ca  -extensions Root5_Ext -config openssl.config -name Root5 -in $cert_path\\openssl\\Root5\\Unknown-R5.req.pem -batch -days 3650");
 
       
   209 system("openssl x509 -in $cert_path\\openssl\\Root5\\Certs\\04.pem -outform DER -out $cert_path\\openssl\\Certs\\Unknown-R5.der");
 
       
   210 
       
   211 # remove Unknown-R5 from the CA
 
       
   212 rename("Root5\\index.txt","Root5\\index.txt.new");
 
       
   213 head("Root5\\index.txt.new","Root5\\index.txt",3);
 
       
   214 unlink("$cert_path\\openssl\\Root5\\Certs\\04.pem");
 
       
   215 
       
   216 
       
   217 # Generate Mid-R5
 
       
   218 system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root5\\private\\Mid-R5.key.pem -out $cert_path\\openssl\\Root5\\Mid-R5.req.pem -subj \"/O=Symbian Software Ltd/CN=Mid-R5\" -days 3650 -nodes");
 
       
   219 system("openssl ca  -extensions Root5_Mid -config openssl.config -name Root5 -in $cert_path\\openssl\\Root5\\Mid-R5.req.pem -batch -days 3650");
 
       
   220 system("openssl x509 -in $cert_path\\openssl\\Root5\\Certs\\05.pem -outform DER -out $cert_path\\openssl\\Certs\\Mid-R5.der");
 
       
   221 
       
   222 use File::Copy;
 
       
   223 
       
   224 copy("$cert_path\\openssl\\Root5\\private\\ca.key.pem","$cert_path\\openssl\\Root5-Mid\\Private\\Mid-R5.key.pem");
 
       
   225 copy("$cert_path\\openssl\\Root5\\Certs\\05.pem","$cert_path\\openssl\\Root5-Mid\\Certs\\Mid-R5.pem");
 
       
   226 
       
   227 system("openssl req -config openssl.config  -extensions Root5_Mid_EE -newkey rsa:1024 -keyout $cert_path\\openssl\\Root5\\private\\Good-M5.key.pem -out $cert_path\\openssl\\Root5\\Good-M5.req.pem -subj \"/O=Symbian Software Ltd/CN=Good-M5\" -days 3650 -nodes");
 
       
   228 system("openssl x509 -extfile Good-M5.extensions -req -in $cert_path\\openssl\\Root5\\Good-M5.req.pem -CA $cert_path\\openssl\\Root5\\certs\\05.pem -CAkey $cert_path\\openssl\\Root5\\private\\Mid-R5.key.pem -out $cert_path\\openssl\\Root5\\private\\Good-M5.cert.pem -CAserial Root5\\serial");
 
       
   229 system("openssl x509 -in Root5\\private\\Good-M5.cert.pem -outform DER -out $cert_path\\openssl\\Certs\\Good-M5.der");
 
       
   230 
       
   231 
       
   232 # Generate OCSPSigner-R5
 
       
   233 system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root5\\private\\OCSPSigner-R5.key.pem -out $cert_path\\openssl\\Root5\\OCSPSigner-R5.req.pem -subj \"/O=Symbian Software Ltd/CN=OCSPSigner-R5\" -days 6000 -nodes");
 
       
   234 system("openssl ca  -extensions NoOCSP_Ext -config openssl.config -name $cert_path\\openssl\\Root5 -in $cert_path\\openssl\\Root5\\OCSPSigner-R5.req.pem -batch -days 6000");
 
       
   235 system("openssl x509 -in $cert_path\\openssl\\Root5\\Certs\\07.pem -outform DER -out $cert_path\\openssl\\Certs\\OCSPSigner-R5.der");
 
       
   236 
       
   237 
       
   238 #Generate GoodAIA-R5 cert, server specified in cert extension
 
       
   239 open(AIAEXT,">GoodAIA-R5.extension");
 
       
   240 print AIAEXT "authorityInfoAccess = OCSP;URI:$ocspR5addr";
 
       
   241 close(AIAEXT);
 
       
   242 
       
   243 system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root5\\private\\GoodAIA-R5.key.pem -out $cert_path\\openssl\\Root5\\GoodAIA-R5.req.pem -subj \"/O=Symbian Software Ltd/CN=GoodAIA-R5\" -days 3650 -nodes");
 
       
   244 system("openssl ca  -extfile GoodAIA-R5.extension -config openssl.config -name Root5 -in $cert_path\\openssl\\Root5\\GoodAIA-R5.req.pem -batch -days 3650");
 
       
   245 system("openssl x509 -in $cert_path\\openssl\\Root5\\Certs\\08.pem -outform DER -out $cert_path\\openssl\\Certs\\GoodAIA-R5.der");
 
       
   246 
       
   247 unlink "GoodAIA-R5.extension";			
       
   248 
       
   249 
       
   250 # Apache certificate stuff
 
       
   251 
       
   252 mkdir("Apache");
 
       
   253 
       
   254 
       
   255 #Generate Apache-R5 cert, certificate used for SSL on apache server
 
       
   256 system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root5\\private\\Apache-R5.key.pem -out Root5\\Apache-R5.req.pem -subj \"/O=Symbian Software Ltd/CN=$apacheaddr\" -days 6000 -nodes");
 
       
   257 system("openssl ca  -config openssl.config -name Root5 -in $cert_path\\openssl\\Root5\\Apache-R5.req.pem -batch -days 6000");
 
       
   258 system("openssl x509 -in $cert_path\\openssl\\Root5\\Certs\\09.pem -outform DER -out $cert_path\\openssl\\Certs\\Apache-R5.der");
 
       
   259 
       
   260 copy("Root5\\Certs\\09.pem","$cert_path\\openssl\\Apache\\Apache-R5.pem");
 
       
   261 copy("Root5\\private\\$cert_path\\openssl\\Apache-R5.key.pem","$cert_path\\openssl\\Apache\\Apache-R5.key.pem");
 
       
   262 
       
   263 copy("$cert_path\\openssl\\Root5\\Certs\ca.pem","$cert_path\\openssl\\Apache\\Root5-RSA.pem");
 
       
   264 
       
   265 
       
   266 # OCSPSigningRoot ##########################################################################
 
       
   267 
       
   268 mkcadirs("OCSPSigningRoot");
 
       
   269   
       
   270 # Generate root cert
 
       
   271 system("openssl req -config openssl.config -x509 -newkey rsa:1024 -keyout $cert_path\\openssl\\OCSPSigningRoot\\private\\ca.key.pem -out $cert_path\\openssl\\OCSPSigningRoot\\Certs\\ca.pem -subj \"/O=Symbian Software Ltd/CN=OCSPSigningRoot-RSA\" -days 3650 -nodes"); 
       
   272 system("openssl x509 -in $cert_path\\openssl\\OCSPSigningRoot\\Certs\\ca.pem -outform DER -out $cert_path\\openssl\\Certs\\OCSPSigningRoot-RSA.der");
 
       
   273 
       
   274 # Generate Signer-OCSPR
 
       
   275 system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\OCSPSigningRoot\\private\\Signer-OCSPR.key.pem -out $cert_path\\openssl\\OCSPSigningRoot\\Signer-OCSPR.req.pem -subj \"/O=Symbian Software Ltd/CN=Signer-OCSPR\" -days 3650 -nodes");
 
       
   276 system("openssl ca  -config openssl.config -name OCSPSigningRoot -in $cert_path\\openssl\\OCSPSigningRoot\\Signer-OCSPR.req.pem -batch -days 3650");
 
       
   277 system("openssl x509 -in $cert_path\\openssl\\OCSPSigningRoot\\Certs\\01.pem -outform DER -out $cert_path\\openssl\\Certs\\Signer-OCSPR.der");
MCL/sf/os/security