mirror of
https://github.com/stefanocasazza/ULib.git
synced 2025-09-28 19:05:55 +08:00
41 lines
916 B
Bash
Executable File
41 lines
916 B
Bash
Executable File
#!/bin/sh
|
|
|
|
touch index.txt
|
|
mkdir -p private
|
|
|
|
if [ ! -f serial ]; then
|
|
echo 01 > serial
|
|
fi
|
|
|
|
openssl_ca="openssl ca -config openssl.cnf -days 40000"
|
|
openssl_req="openssl req -config openssl.cnf -days 40000"
|
|
|
|
# Generate DH params
|
|
#$openssl dhparam -out dh1024.pem 1024
|
|
|
|
# Generate CA key/cert
|
|
$openssl_req -x509 -newkey rsa:1024 -keyout private/cakey.pem -out cacert.pem
|
|
|
|
# Generate server key/cert
|
|
$openssl_req -new -nodes -keyout server.key -out server.csr
|
|
|
|
# Generate user key/cert
|
|
# $openssl_req -newkey rsa:1024 -keyout username.key -out username.csr
|
|
|
|
# Sign keys
|
|
$openssl_ca -in server.csr -out server.crt
|
|
# $openssl_ca -in username.csr -out username.crt
|
|
|
|
# emit CRL
|
|
# $openssl_ca -gencrl -out crl.pem # -revoke compromised_cert.pem
|
|
|
|
rm -f 0[0-9].pem *.csr *.old
|
|
|
|
mkdir -p CApath
|
|
cd CApath
|
|
ln -sf ../server.crt server.pem
|
|
#ln -sf ../username.crt username.pem
|
|
ln -sf ../cacert.pem
|
|
#ln -sf ../crl.pem
|
|
c_rehash .
|