#!/bin/bash

# reference:
# http://www.tc.umn.edu/~brams006/selfsign.html

# File name of the server's private key; the later key steps refer to it.
SERVER_KEY='server-key.pem'
# The bug is: when the certificate subject is in Czech, we don't parse
# it correctly (i.e. we mangle it somewhere along the way).
# $1 - subject of the CA certificate
# $2 - subject of the server certificate
# Both values are later passed to openssl through -subj.
CERT_SUBJECT="$1"
SERVER_SUBJECT="$2"

# Both subjects are mandatory: print a hint and stop with status 255.
if [[ -z "$CERT_SUBJECT" ]]; then
    printf '%s\n' 'supply ca subject please.'
    exit 255
fi

if [[ -z "$SERVER_SUBJECT" ]]; then
    printf '%s\n' 'supply server subject please.'
    exit 255
fi

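# Build a CA and a server certificate signed by it. Each artifact is created
# only when its file is missing, so a re-run reuses whatever already exists.

# Remove the half-written output of a failed step and stop. Without this the
# "-e" guards below would treat a partial file as finished on the next run.
# Arguments: $1 - file the failed step was writing
abort_step() {
    rm -f -- "$1"
    echo "${0##*/}: failed to create $1" >&2
    exit 1
}

# CA private key, passphrase-protected (openssl prompts for the passphrase).
# 2048 bits: 1024-bit RSA no longer meets current minimum key-size
# recommendations. AES-256 replaces the legacy 3DES key encryption.
# umask 077 in a subshell keeps the key owner-only without changing the mode
# of files created later.
if [ ! -e ca-key.pem ]; then
    (umask 077 && openssl genrsa -aes256 -out ca-key.pem 2048) \
        || abort_step ca-key.pem
fi
# Self-signed CA certificate, valid for 1095 days. -utf8 makes openssl read
# the subject as UTF-8; -sha256 pins the signature digest instead of relying
# on the default of the installed openssl.
if [ ! -e ca-cert.pem ]; then
    openssl req -new -x509 -sha256 -days 1095 -key ca-key.pem \
        -out ca-cert.pem -utf8 -subj "$CERT_SUBJECT" \
        || abort_step ca-cert.pem
fi
# Server private key: written without a passphrase, hence the owner-only mode.
if [ ! -e "$SERVER_KEY" ]; then
    (umask 077 && openssl genrsa -out "$SERVER_KEY" 2048) \
        || abort_step "$SERVER_KEY"
fi
# Certificate signing request (csr) for the server key.
if [ ! -e server-key.csr ]; then
    openssl req -new -sha256 -key "$SERVER_KEY" -out server-key.csr \
        -utf8 -subj "$SERVER_SUBJECT" \
        || abort_step server-key.csr
fi
# Sign the server certificate with the CA. The serial number is fixed at 01,
# so every certificate this script issues from the same CA shares a serial.
if [ ! -e server-cert.pem ]; then
    openssl x509 -req -sha256 -days 1095 -in server-key.csr \
        -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 \
        -out server-cert.pem \
        || abort_step server-cert.pem
fi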

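# Write a copy of the server key that needs no passphrase and put it in place
# of the original; the original is kept as $SERVER_KEY.secure.
# NOTE(review): when $SERVER_KEY was generated by this script it was created
# without a cipher option, so it already has no passphrase and the ".secure"
# copy is just as unprotected as the active key. This step also runs on every
# invocation and overwrites an existing $SERVER_KEY.secure.
#
# The renames run only after the conversion succeeded. Otherwise a failed
# conversion would move the only key aside and leave no $SERVER_KEY behind.
# umask 077 keeps the unencrypted key readable by its owner only.
if ! (umask 077 && openssl rsa -in "$SERVER_KEY" -out "$SERVER_KEY.insecure"); then
    rm -f -- "$SERVER_KEY.insecure"
    echo "${0##*/}: could not write an unencrypted copy of $SERVER_KEY" >&2
    exit 1
fi
mv -- "$SERVER_KEY" "$SERVER_KEY.secure" || exit 1
mv -- "$SERVER_KEY.insecure" "$SERVER_KEY" || exit 1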

# Dump everything that was produced, for inspection only; nothing is modified.
# "openssl rsa -text" prints the private key parameters as well as the public
# ones, so keep this output out of shared logs. ca-key.pem is created
# passphrase-protected by this script, so openssl asks for the passphrase.
for key_file in "$SERVER_KEY" ca-key.pem; do
    openssl rsa -noout -text -in "$key_file"
done
openssl req -noout -text -in server-key.csr
for cert_file in server-cert.pem ca-cert.pem; do
    openssl x509 -noout -text -in "$cert_file"
done

# Print the server subject twice: first with -esc_msb (the minus switches the
# escaping of bytes with the high bit set off), then with plain "oneline".
echo "Subject for server certificate in copy pastable mode: (first -esc_msb, second without)"
for name_opts in oneline,-esc_msb oneline; do
    openssl x509 -in server-cert.pem -noout -subject -nameopt "$name_opts"
done