author | Kamil Dudka <kdudka@redhat.com> | 2010-05-27 23:33:19 +0200 |
---|---|---|
committer | Kamil Dudka <kdudka@redhat.com> | 2010-05-27 23:33:19 +0200 |
commit | 645bdd837a0345a04d01a32e89b94571228a864b (patch) | |
tree | 38115ae529273806eff59ca70c17e9a63ec24985 /tests/certs/scripts | |
parent | c03cbb38ad27465a014f7abfe1438033071d2b6f (diff) |
tests/certs/scripts: generate also CRL
... and make it possible to do so without any user interaction
Diffstat (limited to 'tests/certs/scripts')
-rwxr-xr-x | tests/certs/scripts/genroot.sh | 7 | ||||
-rwxr-xr-x | tests/certs/scripts/genserv.sh | 16 |
2 files changed, 16 insertions, 7 deletions
diff --git a/tests/certs/scripts/genroot.sh b/tests/certs/scripts/genroot.sh
index b463e2c6e..6ac138873 100755
--- a/tests/certs/scripts/genroot.sh
+++ b/tests/certs/scripts/genroot.sh
@@ -40,8 +40,11 @@ SERIAL=`/usr/bin/env perl -e "$GETSERIAL"`
 echo SERIAL=$SERIAL PREFIX=$PREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE
-echo "openssl req -config $PREFIX-ca.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-ca.key -out $PREFIX-ca.csr"
-$OPENSSL req -config $PREFIX-ca.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-ca.key -out $PREFIX-ca.csr
+echo "openssl genrsa -out $PREFIX-ca.key $KEYSIZE -passout XXX"
+openssl genrsa -out $PREFIX-ca.key $KEYSIZE -passout pass:secret
+
+echo "openssl req -config $PREFIX-ca.prm -new -key $PREFIX-ca.key -out $PREFIX-ca.csr"
+$OPENSSL req -config $PREFIX-ca.prm -new -key $PREFIX-ca.key -out $PREFIX-ca.csr -passin pass:secret
 echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-ca.prm -days $DURATION -req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-$SERIAL.ca-cacert -sha1 "
diff --git a/tests/certs/scripts/genserv.sh b/tests/certs/scripts/genserv.sh
index 61145d84b..a70da9c76 100755
--- a/tests/certs/scripts/genserv.sh
+++ b/tests/certs/scripts/genserv.sh
@@ -39,7 +39,7 @@ if [ ".$CAPREFIX" = . ] ; then
 NOTOK=1
 else
 if [ ! -f $CAPREFIX-ca.cacert ] ; then
- echo No CA certficate file $PREFIX-ca.caert
+ echo No CA certficate file $CAPREFIX-ca.caert
 NOTOK=1
 fi
 if [ ! -f $CAPREFIX-ca.key ] ; then
@@ -74,7 +74,6 @@ fi
 echo "openssl rsa -in $PREFIX-sv.key -out $PREFIX-sv.key"
 $OPENSSL rsa -in $PREFIX-sv.key -out $PREFIX-sv.key -passin pass:secret
 echo pseudo secrets generated
-read
 echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-sv.prm -days $DURATION -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in $PREFIX-sv.csr -req -out $PREFIX-sv.crt -text -nameopt multiline -sha1"
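Review bot: In the genroot.sh hunk the new key-generation line calls bare `openssl` while the neighbouring commands use `$OPENSSL`, so the CA key may be produced by a different binary than the one the rest of the script runs. The `-passout pass:secret` on that line also follows `$KEYSIZE` and is given without a cipher option; openssl's genrsa documents the bit count as the last argument and encrypts only when a cipher such as `-aes256` is supplied, so the key is most likely written unencrypted (or the call is rejected by stricter releases) and the `-passin pass:secret` on the following `req` has nothing to unlock. If an unencrypted key is what makes the run non-interactive, state that and drop the misleading options: `$OPENSSL genrsa -out $PREFIX-ca.key $KEYSIZE`, preceded by a comment such as `# test-only CA key, deliberately unencrypted; never reuse outside the test suite`. The script continues outside the hunk, so whether later steps expect a passphrase-protected key cannot be confirmed from here.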
@@ -85,16 +84,23 @@ if [ "$P12." = YES. ] ; then
 echo "$OPENSSL pkcs12 -export -des3 -out $PREFIX-sv.p12 -caname $CAPREFIX -name $PREFIX -inkey $PREFIX-sv.key -in $PREFIX-sv.crt -certfile $CAPREFIX-ca.crt "
 $OPENSSL pkcs12 -export -des3 -out $PREFIX-sv.p12 -caname $CAPREFIX -name $PREFIX -inkey $PREFIX-sv.key -in $PREFIX-sv.crt -certfile $CAPREFIX-ca.crt
-
- read
 fi
 echo "openssl x509 -noout -text -hash -in $PREFIX-sv.selfcert -nameopt multiline"
 $OPENSSL x509 -noout -text -hash -in $PREFIX-sv.crt -nameopt multiline
+# revoke server cert
+touch $CAPREFIX-ca.db
+echo 01 > $CAPREFIX-ca.cnt
+echo "openssl ca -config $CAPREFIX-ca.cnf -revoke $PREFIX-sv.crt"
+$OPENSSL ca -config $CAPREFIX-ca.cnf -revoke $PREFIX-sv.crt
+
+# issue CRL
+echo "openssl ca -config $CAPREFIX-ca.cnf -gencrl -out $PREFIX-sv.crl"
+$OPENSSL ca -config $CAPREFIX-ca.cnf -gencrl -out $PREFIX-sv.crl
+
 echo "openssl x509 -in $PREFIX-sv.crt -outform der -out $PREFIX-sv.der "
 $OPENSSL x509 -in $PREFIX-sv.crt -outform der -out $PREFIX-sv.der
-read
 # all together now
 touch $PREFIX-sv.dhp |
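Review bot: Neither new `$OPENSSL ca` call in the revoke/CRL block has its exit status checked, and the prerequisite checks visible in the first genserv.sh hunk (they may continue outside it) test only for `$CAPREFIX-ca.cacert` and `$CAPREFIX-ca.key`, not for the `$CAPREFIX-ca.cnf` these commands depend on. If `-revoke` fails, the script still runs `-gencrl` and can leave a CRL that does not list the server certificate, so a revocation test built on that file would verify nothing. Suggest `[ -f $CAPREFIX-ca.cnf ] || NOTOK=1` alongside the existing checks and `|| exit 1` after each `$OPENSSL ca` line. `echo 01 > $CAPREFIX-ca.cnt` also rewrites the counter on every run while `touch` keeps an existing `$CAPREFIX-ca.db`, so, assuming the .cnf points at these two files (not shown here), repeated runs restart at 01 against an accumulating database; a one-line comment saying this is intended for throwaway test CAs would help.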