mirror of
https://github.com/stefanocasazza/ULib.git
synced 2025-09-28 19:05:55 +08:00
63 lines
1.3 KiB
Bash
Executable File
63 lines
1.3 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
#if [ $# -eq 0 ]; then
|
|
# echo $"Usage: `basename $0` days [...]"
|
|
# exit 0
|
|
#fi
|
|
|
|
answers() {
|
|
echo IT
|
|
echo Italy
|
|
echo Sesto Fiorentino
|
|
echo Unirel spa
|
|
echo $1
|
|
echo localhost.localdomain
|
|
echo root@localhost.localdomain
|
|
echo # A challenge password []:
|
|
echo # An optional company name []:
|
|
}
|
|
|
|
export OPENSSL=openssl
|
|
|
|
openssl_ca="$OPENSSL ca -config ./openssl.cnf -days 4000"
|
|
openssl_req="$OPENSSL req -config ./openssl.cnf -days 4000"
|
|
|
|
touch index.txt
|
|
mkdir -p private newcerts
|
|
|
|
umask 077
|
|
|
|
if [ ! -f serial ]; then
|
|
echo 01 > serial
|
|
fi
|
|
|
|
# TSA
|
|
# echo 01 > tsaserial
|
|
|
|
# Generate CA key/cert
|
|
answers CA | $openssl_req -x509 -newkey rsa:1024 -keyout private/cakey.pem -out cacert.pem
|
|
# Generate server key/cert
|
|
answers server | $openssl_req -newkey rsa:1024 -keyout server.key -out server.csr
|
|
# Generate user key/cert
|
|
answers username | $openssl_req -newkey rsa:1024 -keyout username.key -out username.csr
|
|
|
|
# Sign keys
|
|
$openssl_ca -in server.csr -out server.crt
|
|
$openssl_ca -in username.csr -out username.crt
|
|
|
|
# emit CRL
|
|
echo 01 > crlnumber
|
|
|
|
$openssl_ca -gencrl -out crl.pem # -revoke compromised_cert.pem
|
|
|
|
rm -f 0[0-9].pem *.csr *.old
|
|
|
|
mkdir -p CApath
|
|
cd CApath
|
|
cp ../server.crt server.pem
|
|
cp ../username.crt username.pem
|
|
cp ../cacert.pem .
|
|
cp ../crl.pem .
|
|
c_rehash .
|
|
rm -f *.pem
|