diff options
| author | Sergei Golubchik <serg@mariadb.org> | 2017-04-25 22:55:27 +0200 |
|---|---|---|
| committer | Sergei Golubchik <serg@mariadb.org> | 2017-04-27 19:12:44 +0200 |
| commit | 0636637e37a4471ae2ef44b4932c6dcb4d9a77cf (patch) | |
| tree | 1b91e5b45999f09bc4839e72d6cd51ca205f3487 /mysql-test/lib | |
| parent | c0e24cd0e8e283f5b1c90fc4bd58d0c2be639d57 (diff) | |
| download | mariadb-git-0636637e37a4471ae2ef44b4932c6dcb4d9a77cf.tar.gz | |
regenerate SSL certificates again
and make sure that private ca key is not deleted at the end of
the procedure, so that we could generate additional certificates
any time without regenerating everything
Diffstat (limited to 'mysql-test/lib')
| -rwxr-xr-x | mysql-test/lib/generate-ssl-certs.sh | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/mysql-test/lib/generate-ssl-certs.sh b/mysql-test/lib/generate-ssl-certs.sh index cc919dfe32e..e5e995489a0 100755 --- a/mysql-test/lib/generate-ssl-certs.sh +++ b/mysql-test/lib/generate-ssl-certs.sh @@ -1,30 +1,32 @@ -#!/bin/sh -xe +#!/bin/sh + +set -xe # simply run me from mysql-test/ cd std_data/ # boilerplace for "openssl ca" and /etc/ssl/openssl.cnf rm -rf demoCA -mkdir demoCA demoCA/private demoCA/newcerts +mkdir demoCA demoCA/newcerts touch demoCA/index.txt echo 01 > demoCA/serial # CA certificate, self-signed -openssl req -x509 -newkey rsa:2048 -keyout demoCA/private/cakey.pem -out cacert.pem -days 7300 -nodes -subj '/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB' -text +openssl req -x509 -newkey rsa:2048 -keyout cakey.pem -out cacert.pem -days 7300 -nodes -subj '/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB' -text # server certificate signing request and private key. Note the very long subject (for MDEV-7859) openssl req -newkey rsa:1024 -keyout server-key.pem -out demoCA/server-req.pem -days 7300 -nodes -subj '/CN=localhost/C=FI/ST=state or province within country, in other certificates in this file it is the same as L/L=location, usually an address but often ambiguously used/OU=organizational unit name, a division name within an organization/O=organization name, typically a company name' # convert the key to yassl compatible format openssl rsa -in server-key.pem -out server-key.pem # sign the server certificate with CA certificate -openssl ca -days 7300 -batch -cert cacert.pem -policy policy_anything -out server-cert.pem -infiles demoCA/server-req.pem +openssl ca -keyfile cakey.pem -days 7300 -batch -cert cacert.pem -policy policy_anything -out server-cert.pem -infiles demoCA/server-req.pem openssl req -newkey rsa:8192 -keyout server8k-key.pem -out demoCA/server8k-req.pem -days 7300 -nodes -subj '/CN=server8k/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB' openssl rsa -in server8k-key.pem -out server8k-key.pem -openssl ca -days 7300 -batch -cert cacert.pem -policy policy_anything -out server8k-cert.pem -infiles demoCA/server8k-req.pem +openssl ca -keyfile cakey.pem -days 7300 -batch -cert cacert.pem -policy policy_anything -out server8k-cert.pem -infiles demoCA/server8k-req.pem openssl req -newkey rsa:1024 -keyout client-key.pem -out demoCA/client-req.pem -days 7300 -nodes -subj '/CN=client/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB' openssl rsa -in client-key.pem -out client-key.pem -openssl ca -days 7300 -batch -cert cacert.pem -policy policy_anything -out client-cert.pem -infiles demoCA/client-req.pem +openssl ca -keyfile cakey.pem -days 7300 -batch -cert cacert.pem -policy policy_anything -out client-cert.pem -infiles demoCA/client-req.pem rm -rf demoCA |