2 # Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
17 #Prerequisite to run script is to
18 #create root certificate and directory structure (demoCA) with command:
19 #/usr/lib/ssl/misc/CA.sh -newca
20 #for automated tests default structure is created in demoCA.init
22 #make sure current dir has no files from previous generation
23 rm -r 1* 2* 3* ca* respcert* demoCA
24 cp -R demoCA.init demoCA
25 echo "01" > ./demoCA/crlnumber
30 openssl genrsa -out ${index}second_level.key 1024 -passin pass:1234 -config ./openssl.cnf
31 openssl req -new -key ${index}second_level.key -out ${index}second_level.csr -passin pass:1234 -config ./openssl.cnf <<CONTENT
43 openssl ca -in ${index}second_level.csr -out ${index}second_level.pem -passin pass:1234 -config ./openssl.cnf -extensions v3_ca <<CONTENT
49 openssl req -new -keyout ${index}third_level.key -out ${index}third_level.request -passin pass:1234 -passout pass:1234 -days 365 -config ./openssl.cnf <<CONTENT
61 openssl ca -config ./openssl.cnf -extensions v3_ca -policy policy_anything -keyfile ${index}second_level.key -cert ${index}second_level.pem -out ${index}third_level.pem -infiles ${index}third_level.request <<CONTENT
68 #generate OCSP response signing certificate
69 openssl genrsa -out respcert.key 1024 -passin pass:1234 -config ./openssl.cnf
70 openssl req -new -key respcert.key -out respcert.csr -passin pass:1234 -config ./openssl.cnf <<CONTENT
82 openssl ca -in respcert.csr -out respcert.pem -passin pass:1234 -config ./openssl.cnf -extensions ocsp_cert <<CONTENT
88 openssl ca -passin pass:1234 -gencrl -keyfile ./demoCA/private/cakey.pem -cert ./demoCA/cacert.pem -out cacrl1.pem -crldays 30 -config ./openssl.cnf
89 openssl ca -passin pass:1234 -revoke 1third_level.pem -keyfile ./demoCA/private/cakey.pem -cert ./demoCA/cacert.pem -config ./openssl.cnf
90 openssl ca -passin pass:1234 -gencrl -keyfile ./demoCA/private/cakey.pem -cert ./demoCA/cacert.pem -out cacrl1.pem -crldays 30 -config ./openssl.cnf
92 openssl ca -passin pass:1234 -gencrl -keyfile ./demoCA/private/cakey.pem -cert ./demoCA/cacert.pem -out cacrl2.pem -crldays 30 -config ./openssl.cnf
93 openssl ca -passin pass:1234 -revoke 2second_level.pem -keyfile ./demoCA/private/cakey.pem -cert ./demoCA/cacert.pem -config ./openssl.cnf
94 openssl ca -passin pass:1234 -gencrl -keyfile ./demoCA/private/cakey.pem -cert ./demoCA/cacert.pem -out cacrl2.pem -crldays 30 -config ./openssl.cnf