diff options
author | Bodo Möller <bodo@openssl.org> | 2002-08-12 15:18:48 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2002-08-12 15:18:48 +0000 |
commit | 18a31aa861fdea063686a93ec2d52a0dcc23633a (patch) | |
tree | f5cfc00bb46e13f98e9ca09d6ea54b294abe787c /demos/ssltest-ecc/RSAcertgen.sh | |
parent | b2a4e959c917430acc2ef5e7f5aa0d6e15a91fd6 (diff) | |
download | openssl-new-18a31aa861fdea063686a93ec2d52a0dcc23633a.tar.gz |
Scripts for testing ECC ciphersuites.
Submitted by: Sun Microsystems Labs
Diffstat (limited to 'demos/ssltest-ecc/RSAcertgen.sh')
-rwxr-xr-x | demos/ssltest-ecc/RSAcertgen.sh | 115 |
1 files changed, 115 insertions, 0 deletions
diff --git a/demos/ssltest-ecc/RSAcertgen.sh b/demos/ssltest-ecc/RSAcertgen.sh new file mode 100755 index 0000000000..ea7984bae3 --- /dev/null +++ b/demos/ssltest-ecc/RSAcertgen.sh @@ -0,0 +1,115 @@ +#!/bin/sh + +# For a list of supported curves, use "apps/openssl ecparam -list_curves". + +# Path to the openssl distribution +OPENSSL_DIR=../.. +# Path to the openssl program +OPENSSL_CMD=$OPENSSL_DIR/apps/openssl +# Option to find configuration file +OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf" +# Directory where certificates are stored +CERTS_DIR=./Certs +# Directory where private key files are stored +KEYS_DIR=$CERTS_DIR +# Directory where combo files (containing a certificate and corresponding +# private key together) are stored +COMBO_DIR=$CERTS_DIR +# cat command +CAT=/bin/cat +# rm command +RM=/bin/rm +# The certificate will expire these many days after the issue date. +DAYS=1500 +TEST_CA_FILE=rsa1024TestCA +TEST_CA_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test CA (1024 bit RSA)" + +TEST_SERVER_FILE=rsa1024TestServer +TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (1024 bit RSA)" + +TEST_CLIENT_FILE=rsa1024TestClient +TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (1024 bit RSA)" + +# Generating an EC certificate involves the following main steps +# 1. Generating curve parameters (if needed) +# 2. Generating a certificate request +# 3. Signing the certificate request +# 4. [Optional] One can combine the cert and private key into a single +# file and also delete the certificate request + +echo "Generating self-signed CA certificate (RSA)" +echo "===========================================" + +$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CA_DN" \ + -keyout $KEYS_DIR/$TEST_CA_FILE.key.pem \ + -newkey rsa:1024 -new \ + -out $CERTS_DIR/$TEST_CA_FILE.req.pem + +$OPENSSL_CMD x509 -req -days $DAYS \ + -in $CERTS_DIR/$TEST_CA_FILE.req.pem \ + -extfile $OPENSSL_DIR/apps/openssl.cnf \ + -extensions v3_ca \ + -signkey $KEYS_DIR/$TEST_CA_FILE.key.pem \ + -out $CERTS_DIR/$TEST_CA_FILE.cert.pem + +# Display the certificate +$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -text + +# Place the certificate and key in a common file +$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -issuer -subject \ + > $COMBO_DIR/$TEST_CA_FILE.pem +$CAT $KEYS_DIR/$TEST_CA_FILE.key.pem >> $COMBO_DIR/$TEST_CA_FILE.pem + +# Remove the cert request file (no longer needed) +$RM $CERTS_DIR/$TEST_CA_FILE.req.pem + +echo "GENERATING A TEST SERVER CERTIFICATE (RSA)" +echo "==========================================" + +$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \ + -keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \ + -newkey rsa:1024 -new \ + -out $CERTS_DIR/$TEST_SERVER_FILE.req.pem + +$OPENSSL_CMD x509 -req -days $DAYS \ + -in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \ + -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \ + -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \ + -out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial + +# Display the certificate +$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text + +# Place the certificate and key in a common file +$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \ + > $COMBO_DIR/$TEST_SERVER_FILE.pem +$CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem + +# Remove the cert request file (no longer needed) +$RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem + +echo "GENERATING A TEST CLIENT CERTIFICATE (RSA)" +echo "==========================================" + +$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \ + -keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \ + -newkey rsa:1024 -new \ + -out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem + +$OPENSSL_CMD x509 -req -days $DAYS \ + -in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \ + -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \ + -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \ + -out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial + +# Display the certificate +$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text + +# Place the certificate and key in a common file +$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \ + > $COMBO_DIR/$TEST_CLIENT_FILE.pem +$CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem + +# Remove the cert request file (no longer needed) +$RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem + |