t/sslgen.sh

   1 #!/bin/sh
   2 set -e
   3
   4 lock=$0.lock
   5 while ! mkdir $lock 2>/dev/null
   6 do
   7         echo >&2 "PID=$$ waiting for $lock"
   8         sleep 1
   9 done
  10 pid=$$
  11 trap 'if test $$ -eq $pid; then rmdir $lock; fi' EXIT
  12
  13 certinfo() {
  14         echo US
  15         echo Hell
  16         echo A Very Special Place
  17         echo Monkeys
  18         echo Poo-Flingers
  19         echo 127.0.0.1
  20         echo kgio@bogomips.org
  21 }
  22
  23 certinfo2() {
  24         certinfo
  25         echo
  26         echo
  27 }
  28
  29 ca_certinfo () {
  30         echo US
  31         echo Hell
  32         echo An Even More Special Place
  33         echo Deranged Monkeys
  34         echo Poo-Hurlers
  35         echo 127.6.6.6
  36         echo unicorn@bogomips.org
  37 }
  38
  39 openssl genrsa -out ca.key 1024
  40 ca_certinfo | openssl req -new -x509 -days 666 -key ca.key -out ca.crt
  41
  42 openssl genrsa -out bad-ca.key 1024
  43 ca_certinfo | openssl req -new -x509 -days 666 -key bad-ca.key -out bad-ca.crt
  44
  45 openssl genrsa -out server.key 1024
  46 certinfo2 | openssl req -new -key server.key -out server.csr
  47
  48 openssl x509 -req -days 666 \
  49         -in server.csr -CA ca.crt -CAkey ca.key -set_serial 1 -out server.crt
  50 n=2
  51 mk_client_cert () {
  52         CLIENT=$1
  53         openssl genrsa -out $CLIENT.key 1024
  54         certinfo2 | openssl req -new -key $CLIENT.key -out $CLIENT.csr
  55
  56         openssl x509 -req -days 666 \
  57                 -in $CLIENT.csr -CA $CA.crt -CAkey $CA.key -set_serial $n \
  58                 -out $CLIENT.crt
  59         rm -f $CLIENT.csr
  60         n=$(($n + 1))
  61 }
  62
  63 CA=ca
  64 mk_client_cert client1
  65 mk_client_cert client2
  66
  67 CA=bad-ca mk_client_cert bad-client
  68
  69 rm -f server.csr
  70
  71 echo OK