10 if [ ! -f "${key}.pem" ]; then
12 -paramfile <(openssl ecparam
-name prime256v1
) \
21 openssl req
-new -sha256 -key "${key}.pem" \
22 -config <(printf "[req]\n%s\n%s\n[dn]\nCN_default=foo\n" \
23 "prompt = yes" "distinguished_name = dn") \
31 openssl x509
-req -sha256 -out "${cert}.pem" \
32 -extfile <(printf "%s\n" "$exts") "$@"
40 exts
=$
(printf "%s\n%s\n%s\n%s\n" \
41 "subjectKeyIdentifier = hash" \
42 "authorityKeyIdentifier = keyid" \
43 "basicConstraints = CA:true" \
44 "keyUsage = keyCertSign, cRLSign" )
45 key
"$key"; req
"$key" "$dn" |
46 cert
"$cert" "$exts" -signkey "${key}.pem" \
47 -set_serial 1 -days "${DAYS}"
55 local cacert
=$1; shift
57 exts
=$
(printf "%s\n%s\n%s\n%s\n" \
58 "subjectKeyIdentifier = hash" \
59 "authorityKeyIdentifier = keyid, issuer" \
60 "basicConstraints = CA:false" \
61 "keyUsage = digitalSignature, keyEncipherment, dataEncipherment" \
63 key
"$key"; req
"$key" "$dn" |
64 cert
"$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \
65 -set_serial 2 -days "${DAYS}" "$@"
# Build the test PKI: one self-signed root CA, then a server and a client
# end-entity certificate issued under that root.
#
# Arguments as passed here: subject DN, key file stem, certificate file stem;
# the genee calls additionally name the issuing CA's key and certificate stems.
# The visible fragments reference "${key}.pem" / "${cert}.pem", so each stem
# ends up as <stem>.pem on disk.
#
# NOTE(review): the end-entity stems say "secp256r2", but the only curve named
# in the visible key-generation fragment is prime256v1 (secp256r1), so the
# prefix looks like a file name rather than a curve - confirm.
#
# NOTE(review): the end-entity signing fragment appears to pass a fixed
# `-set_serial 2` together with the same -CA, so the Server and Client
# certificates would share issuer and serial number. Validators that enforce
# issuer+serial uniqueness may reject one of them; give each certificate its
# own serial if these fixtures are used against such a stack.
genroot "/C=SE/O=Heimdal/CN=CA secp256r1" \
  secp256r1TestCA.key \
  secp256r1TestCA.cert

genee "/C=SE/O=Heimdal/CN=Server" \
  secp256r2TestServer.key \
  secp256r2TestServer.cert \
  secp256r1TestCA.key \
  secp256r1TestCA.cert

genee "/C=SE/O=Heimdal/CN=Client" \
  secp256r2TestClient.key \
  secp256r2TestClient.cert \
  secp256r1TestCA.key \
  secp256r1TestCA.cert
78 cat secp256r1TestCA.key.pem secp256r1TestCA.cert.pem
> \
# Combine each end-entity certificate with its private key into a single PEM
# file (certificate first, then key).
# NOTE(review): the resulting bundles carry private key material and are
# created with whatever umask the shell has at this point; keep them as
# test-only fixtures and do not reuse these keys outside the test suite.
cat secp256r2TestClient.cert.pem secp256r2TestClient.key.pem \
  > secp256r2TestClient.pem
cat secp256r2TestServer.cert.pem secp256r2TestServer.key.pem \
  > secp256r2TestServer.pem