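#!/bin/sh
#
# Regenerates the test PKI used with the in-tree openssl build: a root CA,
# an intermediate CA and a server certificate, plus the index.txt database
# and the combined server.pem / ocsp.pem bundles.
#
# All paths are relative, so this must be run from the directory that holds
# ca.cnf and sits two levels below the build root (../../apps/openssl).
#
# NOTE: the private keys are written unencrypted (no cipher is passed to
# genpkey), and server.pem / ocsp.pem each bundle a private key together
# with certificates. Treat every file produced here as test-only material.

# Stop at the first failing step so a broken key or certificate is never
# silently fed into the later signing steps.
set -e

# Run the freshly built openssl binary against the freshly built libraries.
# Arguments: passed through unchanged to the openssl command line.
opensslcmd() {
    # "$@" (quoted) keeps every argument intact even if it contains
    # whitespace or glob characters.
    LD_LIBRARY_PATH=../.. ../../apps/openssl "$@"
}

# report the openssl version
opensslcmd version

echo "Creating private keys and certs..."

#####

# root CA private key
opensslcmd genpkey \
    -algorithm EC \
    -pkeyopt ec_paramgen_curve:secp521r1 \
    -pkeyopt ec_param_enc:named_curve \
    -out root-key.pem

# root CA certificate (self-signed)
opensslcmd req \
    -config ca.cnf \
    -x509 \
    -days 3650 \
    -key root-key.pem \
    -subj /CN=TestRootCA \
    -out root-cert.pem
#####

# intermediate CA private key
opensslcmd genpkey \
    -algorithm EC \
    -pkeyopt ec_paramgen_curve:secp384r1 \
    -pkeyopt ec_param_enc:named_curve \
    -out intermediate-key.pem

# intermediate CA certificate-signing-request
opensslcmd req \
    -config ca.cnf \
    -new \
    -key intermediate-key.pem \
    -subj /CN=TestIntermediateCA \
    -out intermediate-csr.pem

# intermediate CA certificate (signed by root CA)
opensslcmd req \
    -config ca.cnf \
    -x509 \
    -days 1825 \
    -CA root-cert.pem \
    -CAkey root-key.pem \
    -in intermediate-csr.pem \
    -copy_extensions copyall \
    -out intermediate-cert.pem
#####

# server key
opensslcmd genpkey \
    -algorithm EC \
    -pkeyopt ec_paramgen_curve:prime256v1 \
    -pkeyopt ec_param_enc:named_curve \
    -out server-key.pem

# server certificate-signing-request
opensslcmd req \
    -config ca.cnf \
    -extensions usr_cert \
    -new \
    -key server-key.pem \
    -subj /CN=TestServerCA \
    -out server-csr.pem

# server certificate (signed by intermediate CA)
opensslcmd req \
    -config ca.cnf \
    -extensions usr_cert \
    -x509 \
    -days 365 \
    -CA intermediate-cert.pem \
    -CAkey intermediate-key.pem \
    -in server-csr.pem \
    -copy_extensions copyall \
    -out server-cert.pem
#####

# Start from an empty certificate database, then record the server
# certificate in it as valid.
# NOTE(review): presumably ca.cnf points its database at index.txt - confirm.
rm -f index.txt index.txt.attr
# ':' with a redirect creates/truncates the file; 'echo -n' is not portable
# under /bin/sh and can write a literal "-n" line into the database.
: > index.txt
opensslcmd ca \
    -config ca.cnf \
    -valid server-cert.pem \
    -keyfile intermediate-key.pem \
    -cert intermediate-cert.pem
rm -f index.txt.old
#####

# Combined bundles. Both contain a private key in the clear.
cat server-cert.pem server-key.pem intermediate-cert.pem > server.pem
cat intermediate-cert.pem intermediate-key.pem > ocsp.pem

echo "Done."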