3 # Copyright 2013 The Chromium Authors. All rights reserved.
4 # Use of this source code is governed by a BSD-style license that can be
5 # found in the LICENSE file.
7 # This script generates a set of test (end-entity, intermediate, root)
8 # certificates that can be used to test fetching of an intermediate via AIA.
18 try echo 1 > out/2048-sha1-root-serial
19 touch out/2048-sha1-root-index.txt
22 try openssl genrsa -out out/2048-sha1-root.key 2048
24 # Generate the root certificate
25 CA_COMMON_NAME="Test Root CA" \
28 -key out/2048-sha1-root.key \
29 -out out/2048-sha1-root.req \
32 CA_COMMON_NAME="Test Root CA" \
35 -in out/2048-sha1-root.req \
36 -out out/2048-sha1-root.pem \
38 -signkey out/2048-sha1-root.key \
42 # Generate the leaf certificate requests
45 -keyout out/expired_cert.key \
46 -out out/expired_cert.req \
51 -keyout out/ok_cert.key \
52 -out out/ok_cert.req \
55 # Generate the leaf certificates
56 CA_COMMON_NAME="Test Root CA" \
59 -extensions user_cert \
60 -startdate 060101000000Z \
61 -enddate 070101000000Z \
62 -in out/expired_cert.req \
63 -out out/expired_cert.pem \
66 CA_COMMON_NAME="Test Root CA" \
69 -extensions user_cert \
72 -out out/ok_cert.pem \
75 cat out/ok_cert.key out/ok_cert.pem \
76 > ../certificates/ok_cert.pem
77 cat out/expired_cert.key out/expired_cert.pem \
78 > ../certificates/expired_cert.pem
79 cat out/2048-sha1-root.key out/2048-sha1-root.pem \
80 > ../certificates/root_ca_cert.pem