Contents of /trunk/apache2/gentestcrt.sh
Sat Jun 30 02:24:36 2007 UTC (17 years, 3 months ago) by niro
files for apache-2.2.4-r1
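#!/bin/sh
##
## gentestcrt -- Create self-signed test certificate
## (C) 2001 Jean-Michel Dault <jmdault@mandrakesoft.com> and Mandrakesoft
## Based on cca.sh script by Ralf S. Engelschall
##
## Usage: gentestcrt.sh   (no arguments; TERM is read for bold output only)
##
## Interactively creates server.key and server.crt in the current directory:
## a throw-away CA is generated in a private temporary directory, a server
## key and CSR are created and signed by that CA, and only the two server
## files are copied back.  Existing server.key/server.crt are never
## overwritten.  All openssl steps prompt for the certificate subject.
##

set -u

# external tools
openssl="/usr/bin/openssl"

# RSA modulus size for the CA and server keys.  The original used 1024 bits;
# OpenSSL builds whose default security level is 2 reject 1024-bit keys at
# the 'verify' steps below, so 2048 is used for both keys.
keybits=2048

# Everything written below is private key material: create files
# owner-only from the start rather than relying on a later chmod.
umask 077

#######################################
# Print an error to stderr and abort (the EXIT trap removes the work dir).
# Arguments: $* - message
#######################################
die() {
  printf 'cca:Error: %s\n' "$*" 1>&2
  exit 1
}

#######################################
# Print the separator line used between steps.
#######################################
hr() {
  echo "______________________________________________________________________"
}

[ -x "$openssl" ] || die "openssl not found at $openssl"

# some optional terminal sequences (bold on / attributes off).
# The original 'default)' arm never matched (it is a literal, not '*'), so
# unknown terminals left T_MD/T_ME unset; '*' is the real fallback.  The
# vt100 NUL padding of the original is dropped: shells discard NUL bytes in
# command substitution anyway.
case ${TERM-} in
  xterm|xterm*|vt220|vt220*|vt100|vt100*)
    T_MD=$(printf '\033[1m')
    T_ME=$(printf '\033[m')
    ;;
  *)
    T_MD=''
    T_ME=''
    ;;
esac

# find some random files to stir into the OpenSSL RNG seed
# (do not use /dev/random here, because this device
# doesn't work as expected on all platforms)
# Only readable files are useful to 'genrsa -rand'; this is a legacy
# seeding aid, not the security boundary of the key generation.
randfiles=''
for file in /var/log/messages /var/adm/messages \
            /kernel /vmunix /vmlinuz \
            /etc/hosts /etc/resolv.conf; do
  if [ -f "$file" ] && [ -r "$file" ]; then
    if [ -z "$randfiles" ]; then
      randfiles="$file"
    else
      randfiles="${randfiles}:$file"
    fi
  fi
done

#######################################
# Generate an RSA private key, seeding from $randfiles when any were found.
# Globals:   openssl, keybits, randfiles (read)
# Arguments: $1 - output key file
# Returns:   exit status of openssl genrsa
#######################################
gen_rsa_key() {
  if [ -n "$randfiles" ]; then
    "$openssl" genrsa -rand "$randfiles" -out "$1" "$keybits"
  else
    "$openssl" genrsa -out "$1" "$keybits"
  fi
}


echo "${T_MD}maketestcrt -- Create self-signed test certificate${T_ME}"
echo "(C) 2001 Jean-Michel Dault <jmdault@mandrakesoft.com> and Mandrakesoft"
echo "Based on cca.sh script by Ralf S. Engelschall"
echo ""

# Move aside placeholder files (those containing the marker DUMMY) so that
# real certificates can be written in their place.
grep -q -s DUMMY server.crt && mv server.crt server.crt.dummy
grep -q -s DUMMY server.key && mv server.key server.key.dummy

echo ""
echo ""

if [ ! -e ./server.crt ] && [ ! -e ./server.key ]; then
  echo "Will create server.key and server.crt in $(pwd)"
else
  # Refuse to overwrite an existing key pair.  The status stays 0 as in the
  # original script (it used a bare 'exit').
  echo "server.key and server.crt already exist, dying"
  exit 0
fi

echo ""

origdir=$(pwd) || die "cannot determine current directory"

# Private work directory.  mktemp yields an unpredictable, mode-0700 path;
# the original fixed /tmp/tmpssl-$$ could be pre-created by another local
# user (mkdir -p does not notice) and the CA key would be written into it.
tmpdir=$(mktemp -d "${TMPDIR:-/tmp}/tmpssl.XXXXXX") \
  || die "cannot create temporary directory"
# Destroy the work directory (CA key, CSRs, config, key copies) on every
# exit path -- the original left it behind on any of the error exits.
trap 'rm -rf -- "$tmpdir"' EXIT
cd "$tmpdir" || die "cannot enter $tmpdir"


echo "${T_MD}INITIALIZATION${T_ME}"

echo ""
echo "${T_MD}Generating custom Certificate Authority (CA)${T_ME}"
hr
echo ""
echo "${T_MD}STEP 1: Generating RSA private key for CA ($keybits bit)${T_ME}"
cp /dev/null ca.rnd
echo '01' >ca.ser
gen_rsa_key ca.key || die "Failed to generate RSA private key"
hr
echo ""
echo "${T_MD}STEP 2: Generating X.509 certificate signing request for CA${T_ME}"
cat >.cfg <<EOT
[ req ]
default_bits = $keybits
distinguished_name = req_DN
RANDFILE = ca.rnd
[ req_DN ]
countryName = "1. Country Name (2 letter code)"
#countryName_default = CA
#countryName_min = 2
countryName_max = 2
stateOrProvinceName = "2. State or Province Name (full name) "
#stateOrProvinceName_default = "Quebec"
localityName = "3. Locality Name (eg, city) "
#localityName_default = "Montreal"
0.organizationName = "4. Organization Name (eg, company) "
0.organizationName_default = "Apache HTTP Server"
organizationalUnitName = "5. Organizational Unit Name (eg, section) "
organizationalUnitName_default = "For testing purposes only"
commonName = "6. Common Name (eg, CA name) "
commonName_max = 64
commonName_default = "localhost"
emailAddress = "7. Email Address (eg, name@FQDN)"
emailAddress_max = 40
#emailAddress_default = "root@localhost"
EOT
"$openssl" req -config .cfg -new -key ca.key -out ca.csr \
  || die "Failed to generate certificate signing request"
hr
echo ""
echo "${T_MD}STEP 3: Generating X.509 certificate for CA signed by itself${T_ME}"
cat >.cfg <<EOT
#extensions = x509v3
#[ x509v3 ]
#subjectAltName = email:copy
#basicConstraints = CA:true,pathlen:0
#nsComment = "CCA generated custom CA certificate"
#nsCertType = sslCA
EOT
"$openssl" x509 -extfile .cfg -req -days 365 -signkey ca.key -in ca.csr -out ca.crt \
  || die "Failed to generate self-signed CA certificate"
hr
echo ""
echo "${T_MD}RESULT:${T_ME}"
# Verify the CA certificate against itself: a bare 'verify ca.crt' reports
# "self signed certificate" and, on OpenSSL releases whose verify exits
# non-zero on error, would abort the script here.
"$openssl" verify -CAfile ca.crt ca.crt \
  || die "Failed to verify resulting X.509 certificate"
"$openssl" x509 -text -in ca.crt
# As in the original, this prints the CA private key to stdout; do not
# capture the output of this script into a world-readable file.
"$openssl" rsa -text -in ca.key

echo "${T_MD}CERTIFICATE GENERATION${T_ME}"
user="server"

echo ""
echo "${T_MD}Generating custom USER${T_ME} [$user]"
hr
echo ""
echo "${T_MD}STEP 5: Generating RSA private key for USER ($keybits bit)${T_ME}"
gen_rsa_key "$user.key" || die "Failed to generate RSA private key"
hr
echo ""
echo "${T_MD}STEP 6: Generating X.509 certificate signing request for USER${T_ME}"
cat >.cfg <<EOT
[ req ]
default_bits = $keybits
distinguished_name = req_DN
RANDFILE = ca.rnd
[ req_DN ]
countryName = "1. Country Name (2 letter code)"
#countryName_default = XY
#countryName_min = 2
countryName_max = 2
stateOrProvinceName = "2. State or Province Name (full name) "
#stateOrProvinceName_default = "Unknown"
localityName = "3. Locality Name (eg, city) "
#localityName_default = "Server Room"
0.organizationName = "4. Organization Name (eg, company) "
0.organizationName_default = "Apache HTTP Server"
organizationalUnitName = "5. Organizational Unit Name (eg, section) "
organizationalUnitName_default = "Test Certificate"
commonName = "6. Common Name (eg, DOMAIN NAME) "
commonName_max = 64
commonName_default = "localhost"
emailAddress = "7. Email Address (eg, name@fqdn)"
emailAddress_max = 40
#emailAddress_default = "root@localhost"
EOT
"$openssl" req -config .cfg -new -key "$user.key" -out "$user.csr" \
  || die "Failed to generate certificate signing request"
rm -f .cfg
hr
echo ""
echo "${T_MD}STEP 7: Generating X.509 certificate signed by own CA${T_ME}"
cat >.cfg <<EOT
#extensions = x509v3
#[ x509v3 ]
#subjectAltName = email:copy
#basicConstraints = CA:false,pathlen:0
#nsComment = "CCA generated client certificate"
#nsCertType = client
EOT
"$openssl" x509 -extfile .cfg -days 365 -CAserial ca.ser -CA ca.crt -CAkey ca.key \
  -in "$user.csr" -req -out "$user.crt" \
  || die "Failed to generate X.509 certificate"
# Optional PKCS#12 bundle, disabled in the original as well.  The CN
# extraction it needs is kept here so nothing runs for an unused result.
# caname=$("$openssl" x509 -noout -text -in ca.crt | grep Subject: | sed -e 's;.*CN=;;' -e 's;/Em.*;;')
# username=$("$openssl" x509 -noout -text -in "$user.crt" | grep Subject: | sed -e 's;.*CN=;;' -e 's;/Em.*;;')
# echo "Assembling PKCS#12 package"
# "$openssl" pkcs12 -export -in "$user.crt" -inkey "$user.key" -certfile ca.crt -name "$username" -caname "$caname" -out "$user.p12"
hr
echo ""
echo "${T_MD}RESULT:${T_ME}"
"$openssl" verify -CAfile ca.crt "$user.crt" \
  || die "Failed to verify resulting X.509 certificate"
"$openssl" x509 -text -in "$user.crt"
# Prints the server private key to stdout, as the original did.
"$openssl" rsa -text -in "$user.key"


cd "$origdir" || die "cannot return to $origdir"

echo "Certificate creation done!"
# Only the server key and certificate leave the work directory; the CA key,
# the CSRs and the config files go with the directory in the EXIT trap.
cp -- "$tmpdir/$user.key" "$tmpdir/$user.crt" . \
  || die "Failed to copy $user.key and $user.crt to $origdir"
chmod 400 -- "./$user.key" "./$user.crt"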