Diffstat (limited to 'test/ocsp-tests/mk-ocsp-cert-chain.sh')
-rwxr-xr-x | test/ocsp-tests/mk-ocsp-cert-chain.sh | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/test/ocsp-tests/mk-ocsp-cert-chain.sh b/test/ocsp-tests/mk-ocsp-cert-chain.sh
new file mode 100755
index 0000000000..0f4976ac55
--- /dev/null
+++ b/test/ocsp-tests/mk-ocsp-cert-chain.sh
@@ -0,0 +1,100 @@
+#!/bin/sh
+
+opensslcmd() {
+ LD_LIBRARY_PATH=../.. ../../apps/openssl $@
+}
+
+# report the openssl version
+opensslcmd version
+
+echo "Creating private keys and certs..."
+
+#####
+
+# root CA private key
+opensslcmd genpkey \
+ -algorithm EC \
+ -pkeyopt ec_paramgen_curve:secp521r1 \
+ -pkeyopt ec_param_enc:named_curve \
+ -out root-key.pem
+
+# root CA certificate (self-signed)
+opensslcmd req \
+ -config ca.cnf \
+ -x509 \
+ -days 3650 \
+ -key root-key.pem \
+ -subj /CN=TestRootCA \
+ -out root-cert.pem
+#####
+
+# intermediate CA private key
+opensslcmd genpkey \
+ -algorithm EC \
+ -pkeyopt ec_paramgen_curve:secp384r1 \
+ -pkeyopt ec_param_enc:named_curve \
+ -out intermediate-key.pem
+
+# intermediate CA certificate-signing-request
+opensslcmd req \
+ -config ca.cnf \
+ -new \
+ -key intermediate-key.pem \
+ -subj /CN=TestIntermediateCA \
+ -out intermediate-csr.pem
+
+# intermediate CA certificate (signed by root CA)
+opensslcmd req \
+ -config ca.cnf \
+ -x509 \
+ -days 1825 \
+ -CA root-cert.pem \
+ -CAkey root-key.pem \
+ -in intermediate-csr.pem \
+ -copy_extensions copyall \
+ -out intermediate-cert.pem
+#####
+
+# server key
+opensslcmd genpkey \
+ -algorithm EC \
+ -pkeyopt ec_paramgen_curve:prime256v1 \
+ -pkeyopt ec_param_enc:named_curve \
+ -out server-key.pem
+
+# server certificate-signing-request
+opensslcmd req \
+ -config ca.cnf \
+ -extensions usr_cert \
+ -new \
+ -key server-key.pem \
+ -subj /CN=TestServerCA \
+ -out server-csr.pem
+
+# server certificate (signed by intermediate CA)
+opensslcmd req \
+ -config ca.cnf \
+ -extensions usr_cert \
+ -x509 \
+ -days 365 \
+ -CA intermediate-cert.pem \
+ -CAkey intermediate-key.pem \
+ -in server-csr.pem \
+ -copy_extensions copyall \
+ -out server-cert.pem
+#####
+
+rm -f index.txt index.txt.attr
+echo -n > index.txt
+opensslcmd ca \
+ -config ca.cnf \
+ -valid server-cert.pem \
+ -keyfile intermediate-key.pem \
+ -cert intermediate-cert.pem
+rm -f index.txt.old
+#####
+
+cat server-cert.pem server-key.pem intermediate-cert.pem > server.pem
+cat intermediate-cert.pem intermediate-key.pem > ocsp.pem
+
+echo "Done." |
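Review bot: Nothing in this script stops on failure, so if any `opensslcmd genpkey`, `req` or `ca` step fails the later steps still run and the final `cat` lines assemble `server.pem` and `ocsp.pem` from missing or stale files; a `set -e` right after the shebang would make a broken chain fail loudly instead of handing the OCSP tests bad fixtures. In `opensslcmd`, the unquoted `$@` is subject to word splitting and globbing and should be `"$@"`. `echo -n > index.txt` is not portable under `#!/bin/sh` (some shells write a literal `-n` into the CA database file), whereas `: > index.txt` truncates reliably. The `*-key.pem`, `server.pem` and `ocsp.pem` outputs contain private keys written with the caller's umask, which is acceptable for throwaway fixtures but deserves a header comment such as `# test-only keys: never reuse outside test/ocsp-tests`.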