Magellan Linux

Annotation of /trunk/apache2/gentestcrt.sh



Revision 231 - (hide annotations) (download) (as text)
Sat Jun 30 02:24:36 2007 UTC (16 years, 10 months ago) by niro
File MIME type: application/x-sh
File size: 8685 byte(s)
files for apache-2.2.4-r1

1 niro 231 #!/bin/sh
2     ##
3     ## gentestcrt -- Create self-signed test certificate
4     ## (C) 2001 Jean-Michel Dault <jmdault@mandrakesoft.com> and Mandrakesoft
5     ## Based on cca.sh script by Ralf S. Engelschall
6     ##
7    
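# external tools
openssl="/usr/bin/openssl"

# Optional terminal sequences used to decorate the progress headings:
# T_MD is ESC [ 1 m and T_ME is ESC [ m, emitted around heading text.
case "${TERM:-}" in
  xterm*|vt220*)
    T_MD=$(awk 'BEGIN { printf("%c%c%c%c", 27, 91, 49, 109) }')
    T_ME=$(awk 'BEGIN { printf("%c%c%c", 27, 91, 109) }')
    ;;
  vt100*)
    # Same sequences followed by two NUL bytes, as the author wrote them.
    # NOTE(review): command substitution normally discards NUL bytes, so
    # the padding probably never reaches the terminal -- confirm if the
    # padding still matters for any supported terminal.
    T_MD=$(awk 'BEGIN { printf("%c%c%c%c%c%c", 27, 91, 49, 109, 0, 0) }')
    T_ME=$(awk 'BEGIN { printf("%c%c%c%c%c", 27, 91, 109, 0, 0) }')
    ;;
  *)
    # Catch-all arm. It used to be spelled "default)", which sh treats as a
    # literal pattern that matches only TERM=default. On every other
    # terminal T_MD/T_ME were therefore never assigned, and any value
    # inherited from the caller's environment was echoed to the terminal.
    T_MD=''
    T_ME=''
    ;;
esac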
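# Find some files to hand to "openssl genrsa -rand" as extra seed material.
# (do not use /dev/random here, because this device
# doesn't work as expected on all platforms)
#
# The result is a colon-separated list in $randfiles, or an empty string
# when none of the candidates is usable.
# NOTE(review): these are system files with largely guessable content, so
# they should be regarded as a supplement to whatever seeding openssl does
# on its own, not as the source of the key's strength.
randfiles=''
for file in /var/log/messages /var/adm/messages \
            /kernel /vmunix /vmlinuz \
            /etc/hosts /etc/resolv.conf; do
  # Require readability as well as existence: a log file that exists but
  # is not readable by the invoking user cannot contribute anything.
  if [ -f "$file" ] && [ -r "$file" ]; then
    randfiles="${randfiles:+${randfiles}:}$file"
  fi
done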
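echo "${T_MD}maketestcrt -- Create self-signed test certificate${T_ME}"
echo "(C) 2001 Jean-Michel Dault <jmdault@mandrakesoft.com> and Mandrakesoft"
echo "Based on cca.sh script by Ralf S. Engelschall"
echo ""

# A server.crt / server.key in the current directory that contains the
# string DUMMY is moved aside so that it does not block generation below.
# grep -s keeps a missing file from producing an error message.
grep -q -s DUMMY server.crt && mv server.crt server.crt.dummy
grep -q -s DUMMY server.key && mv server.key server.key.dummy

echo ""
echo ""

# Never overwrite existing key material: generation only proceeds when
# neither file is present. Two separate tests joined with && replace the
# obsolescent "-a" operator inside a single [ ].
if [ ! -e ./server.crt ] && [ ! -e ./server.key ]; then
  echo "Will create server.key and server.crt in $(pwd)"
else
  echo "server.key and server.crt already exist, dying"
  # NOTE(review): a bare exit reports the status of the echo above, i.e.
  # success. Left unchanged because callers may depend on it -- confirm
  # whether a non-zero status is wanted here.
  exit
fi

echo ""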
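# ---------------------------------------------------------------------------
# Generate a throw-away CA and a server certificate signed by it, working in
# a private scratch directory, then copy server.key and server.crt into the
# directory the script was started from.
#
# Reads:  $openssl, $randfiles, $T_MD, $T_ME (set earlier in this script)
# Writes: server.key, server.crt in the starting directory
# Exit:   1 on any failure, with a "cca:Error:" message on stderr
# ---------------------------------------------------------------------------

# Print an error in the script's usual format and stop.
fail() {
  echo "cca:Error: $*" 1>&2
  exit 1
}

# Generate an RSA private key of $key_bits bits into the file named by $1,
# adding $randfiles as extra seed input when any were found.
gen_rsa_key() {
  if [ -n "$randfiles" ]; then
    "$openssl" genrsa -rand "$randfiles" -out "$1" "$key_bits"
  else
    "$openssl" genrsa -out "$1" "$key_bits"
  fi
}

# Remove the scratch directory, which holds the CA and server private keys.
cleanup() {
  cd "$origdir" 2>/dev/null
  rm -rf -- "${tmpdir:?}"
}

# 1024-bit RSA, as originally hard-coded, is below what current TLS stacks
# generally accept; the size is kept in one place so the messages, the
# config and the genrsa calls cannot drift apart.
key_bits=2048

# Key files must never be readable by other users, not even briefly before
# the chmod at the end.
umask 077

origdir=$(pwd) || fail "Failed to determine current directory"

# mktemp -d chooses an unpredictable name and creates the directory with
# owner-only permissions. The previous "mkdir -p /tmp/tmpssl-$$" used a
# name derived from the PID and, because of -p, silently accepted a
# directory that another local user had created there beforehand.
tmpdir=$(mktemp -d "${TMPDIR:-/tmp}/tmpssl.XXXXXX") ||
  fail "Failed to create temporary directory"

# Clean up on every exit path, including the error exits below and
# interruption; previously a failed step left the keys behind in /tmp.
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

# cd rather than pushd/popd: those are not available in a POSIX /bin/sh,
# and an unchecked failure here would have the keys written into whatever
# directory the script happened to be in.
cd "$tmpdir" || fail "Failed to enter temporary directory"


echo "${T_MD}INITIALIZATION${T_ME}"

echo ""
echo "${T_MD}Generating custom Certificate Authority (CA)${T_ME}"
echo "______________________________________________________________________"
echo ""
echo "${T_MD}STEP 1: Generating RSA private key for CA (${key_bits} bit)${T_ME}"
: >ca.rnd
echo '01' >ca.ser
gen_rsa_key ca.key || fail "Failed to generate RSA private key"
echo "______________________________________________________________________"
echo ""
echo "${T_MD}STEP 2: Generating X.509 certificate signing request for CA${T_ME}"
cat >.cfg <<EOT
[ req ]
default_bits = ${key_bits}
distinguished_name = req_DN
RANDFILE = ca.rnd
[ req_DN ]
countryName = "1. Country Name (2 letter code)"
#countryName_default = CA
#countryName_min = 2
countryName_max = 2
stateOrProvinceName = "2. State or Province Name (full name) "
#stateOrProvinceName_default = "Quebec"
localityName = "3. Locality Name (eg, city) "
#localityName_default = "Montreal"
0.organizationName = "4. Organization Name (eg, company) "
0.organizationName_default = "Apache HTTP Server"
organizationalUnitName = "5. Organizational Unit Name (eg, section) "
organizationalUnitName_default = "For testing purposes only"
commonName = "6. Common Name (eg, CA name) "
commonName_max = 64
commonName_default = "localhost"
emailAddress = "7. Email Address (eg, name@FQDN)"
emailAddress_max = 40
#emailAddress_default = "root@localhost"
EOT
# -sha256 pins the signature digest instead of relying on the default of
# whichever openssl build is installed.
"$openssl" req -config .cfg -new -sha256 -key ca.key -out ca.csr ||
  fail "Failed to generate certificate signing request"
echo "______________________________________________________________________"
echo ""
echo "${T_MD}STEP 3: Generating X.509 certificate for CA signed by itself${T_ME}"
# Every line of this extension file is commented out, so no X.509v3
# extensions are added to the CA certificate.
cat >.cfg <<EOT
#extensions = x509v3
#[ x509v3 ]
#subjectAltName = email:copy
#basicConstraints = CA:true,pathlen:0
#nsComment = "CCA generated custom CA certificate"
#nsCertType = sslCA
EOT
"$openssl" x509 -extfile .cfg -req -sha256 -days 365 -signkey ca.key \
  -in ca.csr -out ca.crt ||
  fail "Failed to generate self-signed CA certificate"
echo "______________________________________________________________________"
echo ""
echo "${T_MD}RESULT:${T_ME}"
# Name the CA file explicitly so the outcome of the check does not depend
# on what the system trust store contains.
"$openssl" verify -CAfile ca.crt ca.crt ||
  fail "Failed to verify resulting X.509 certificate"
"$openssl" x509 -text -in ca.crt
# Check the key for consistency without printing it: "rsa -text" writes the
# private key to the terminal, where it can end up in scrollback or logs.
"$openssl" rsa -noout -check -in ca.key

echo "${T_MD}CERTIFICATE GENERATION${T_ME}"
user="server"

echo ""
echo "${T_MD}Generating custom USER${T_ME} [$user]"
echo "______________________________________________________________________"
echo ""
echo "${T_MD}STEP 5: Generating RSA private key for USER (${key_bits} bit)${T_ME}"
gen_rsa_key "$user.key" || fail "Failed to generate RSA private key"
echo "______________________________________________________________________"
echo ""
echo "${T_MD}STEP 6: Generating X.509 certificate signing request for USER${T_ME}"
cat >.cfg <<EOT
[ req ]
default_bits = ${key_bits}
distinguished_name = req_DN
RANDFILE = ca.rnd
[ req_DN ]
countryName = "1. Country Name (2 letter code)"
#countryName_default = XY
#countryName_min = 2
countryName_max = 2
stateOrProvinceName = "2. State or Province Name (full name) "
#stateOrProvinceName_default = "Unknown"
localityName = "3. Locality Name (eg, city) "
#localityName_default = "Server Room"
0.organizationName = "4. Organization Name (eg, company) "
0.organizationName_default = "Apache HTTP Server"
organizationalUnitName = "5. Organizational Unit Name (eg, section) "
organizationalUnitName_default = "Test Certificate"
commonName = "6. Common Name (eg, DOMAIN NAME) "
commonName_max = 64
commonName_default = "localhost"
emailAddress = "7. Email Address (eg, name@fqdn)"
emailAddress_max = 40
#emailAddress_default = "root@localhost"
EOT
"$openssl" req -config .cfg -new -sha256 -key "$user.key" -out "$user.csr" ||
  fail "Failed to generate certificate signing request"
rm -f .cfg
echo "______________________________________________________________________"
echo ""
echo "${T_MD}STEP 7: Generating X.509 certificate signed by own CA${T_ME}"
# As for the CA, all extension lines are commented out.
cat >.cfg <<EOT
#extensions = x509v3
#[ x509v3 ]
#subjectAltName = email:copy
#basicConstraints = CA:false,pathlen:0
#nsComment = "CCA generated client certificate"
#nsCertType = client
EOT
"$openssl" x509 -extfile .cfg -sha256 -days 365 -CAserial ca.ser \
  -CA ca.crt -CAkey ca.key -in "$user.csr" -req -out "$user.crt" ||
  fail "Failed to generate X.509 certificate"
# caname/username are only consumed by the disabled PKCS#12 step below.
caname=$("$openssl" x509 -noout -text -in ca.crt |
  grep Subject: | sed -e 's;.*CN=;;' -e 's;/Em.*;;')
username=$("$openssl" x509 -noout -text -in "$user.crt" |
  grep Subject: | sed -e 's;.*CN=;;' -e 's;/Em.*;;')
# echo "Assembling PKCS#12 package"
# $openssl pkcs12 -export -in $user.crt -inkey $user.key -certfile ca.crt -name "$username" -caname "$caname" -out $user.p12
echo "______________________________________________________________________"
echo ""
echo "${T_MD}RESULT:${T_ME}"
"$openssl" verify -CAfile ca.crt "$user.crt" ||
  fail "Failed to verify resulting X.509 certificate"
"$openssl" x509 -text -in "$user.crt"
# Consistency check only; the server private key is not echoed.
"$openssl" rsa -noout -check -in "$user.key"


cd "$origdir" || fail "Failed to return to $origdir"

# Only the server key and certificate leave the scratch directory. The CA
# key, CSRs and serial file are discarded with it by the EXIT trap.
chmod 400 "$tmpdir/$user.key" "$tmpdir/$user.crt" ||
  fail "Failed to restrict permissions on generated files"
cp -- "$tmpdir/$user.key" "$tmpdir/$user.crt" . ||
  fail "Failed to copy $user.key and $user.crt to $origdir"

echo "Certificate creation done!"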

Properties

Name Value
svn:executable *