Diffstat (limited to 'test/ocsp-tests/mk-ocsp-cert-chain.sh')
-rwxr-xr-xtest/ocsp-tests/mk-ocsp-cert-chain.sh100
1 files changed, 100 insertions, 0 deletions
diff --git a/test/ocsp-tests/mk-ocsp-cert-chain.sh b/test/ocsp-tests/mk-ocsp-cert-chain.sh
new file mode 100755
index 0000000000..0f4976ac55
--- /dev/null
+++ b/test/ocsp-tests/mk-ocsp-cert-chain.sh
@@ -0,0 +1,100 @@
+#!/bin/sh
+
+opensslcmd() {
+ LD_LIBRARY_PATH=../.. ../../apps/openssl $@
+}
+
+# report the openssl version
+opensslcmd version
+
+echo "Creating private keys and certs..."
+
+#####
+
+# root CA private key
+opensslcmd genpkey \
+ -algorithm EC \
+ -pkeyopt ec_paramgen_curve:secp521r1 \
+ -pkeyopt ec_param_enc:named_curve \
+ -out root-key.pem
+
+# root CA certificate (self-signed)
+opensslcmd req \
+ -config ca.cnf \
+ -x509 \
+ -days 3650 \
+ -key root-key.pem \
+ -subj /CN=TestRootCA \
+ -out root-cert.pem
+#####
+
+# intermediate CA private key
+opensslcmd genpkey \
+ -algorithm EC \
+ -pkeyopt ec_paramgen_curve:secp384r1 \
+ -pkeyopt ec_param_enc:named_curve \
+ -out intermediate-key.pem
+
+# intermediate CA certificate-signing-request
+opensslcmd req \
+ -config ca.cnf \
+ -new \
+ -key intermediate-key.pem \
+ -subj /CN=TestIntermediateCA \
+ -out intermediate-csr.pem
+
+# intermediate CA certificate (signed by root CA)
+opensslcmd req \
+ -config ca.cnf \
+ -x509 \
+ -days 1825 \
+ -CA root-cert.pem \
+ -CAkey root-key.pem \
+ -in intermediate-csr.pem \
+ -copy_extensions copyall \
+ -out intermediate-cert.pem
+#####
+
+# server key
+opensslcmd genpkey \
+ -algorithm EC \
+ -pkeyopt ec_paramgen_curve:prime256v1 \
+ -pkeyopt ec_param_enc:named_curve \
+ -out server-key.pem
+
+# server certificate-signing-request
+opensslcmd req \
+ -config ca.cnf \
+ -extensions usr_cert \
+ -new \
+ -key server-key.pem \
+ -subj /CN=TestServerCA \
+ -out server-csr.pem
+
+# server certificate (signed by intermediate CA)
+opensslcmd req \
+ -config ca.cnf \
+ -extensions usr_cert \
+ -x509 \
+ -days 365 \
+ -CA intermediate-cert.pem \
+ -CAkey intermediate-key.pem \
+ -in server-csr.pem \
+ -copy_extensions copyall \
+ -out server-cert.pem
+#####
+
+rm -f index.txt index.txt.attr
+echo -n > index.txt
+opensslcmd ca \
+ -config ca.cnf \
+ -valid server-cert.pem \
+ -keyfile intermediate-key.pem \
+ -cert intermediate-cert.pem
+rm -f index.txt.old
+#####
+
+cat server-cert.pem server-key.pem intermediate-cert.pem > server.pem
+cat intermediate-cert.pem intermediate-key.pem > ocsp.pem
+
+echo "Done."
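Review bot: None of the `opensslcmd` calls is checked, so a failed genpkey, req or ca step falls through to the two `cat` lines and the script still prints "Done.", leaving server.pem and ocsp.pem assembled from stale or missing files from an earlier run; adding `set -e` directly after the shebang would stop at the first failure. On the `echo -n > index.txt` line, `echo -n` is not portable under `#!/bin/sh` and some shells write a literal `-n` into the CA database, whereas `: > index.txt` truncates the file without that risk. In `opensslcmd`, `$@` should be `"$@"` so arguments reach openssl unsplit. The private keys are written and then bundled into server.pem and ocsp.pem under the default umask, which is acceptable for throwaway fixtures, but a header comment such as `# Generates TEST-ONLY keys and certificates for the OCSP tests; never use them outside the test suite.` would make that explicit.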