test/ocsp-tests/mk-ocsp-cert-chain.sh

   1 #!/bin/sh
   2
   3 opensslcmd() {
   4     LD_LIBRARY_PATH=../.. ../../apps/openssl $@
   5 }
   6
   7 # report the openssl version
   8 opensslcmd version
   9
  10 echo "Creating private keys and certs..."
  11
  12 #####
  13
  14 # root CA private key
  15 opensslcmd genpkey \
  16            -algorithm EC \
  17            -pkeyopt ec_paramgen_curve:secp521r1 \
  18            -pkeyopt ec_param_enc:named_curve \
  19            -out root-key.pem
  20
  21 # root CA certificate (self-signed)
  22 opensslcmd req \
  23            -config ca.cnf \
  24            -x509 \
  25            -days 3650 \
  26            -key root-key.pem \
  27            -subj /CN=TestRootCA \
  28            -out root-cert.pem
  29 #####
  30
  31 # intermediate CA private key
  32 opensslcmd genpkey \
  33            -algorithm EC \
  34            -pkeyopt ec_paramgen_curve:secp384r1 \
  35            -pkeyopt ec_param_enc:named_curve \
  36            -out intermediate-key.pem
  37
  38 # intermediate CA certificate-signing-request
  39 opensslcmd req \
  40            -config ca.cnf \
  41            -new \
  42            -key intermediate-key.pem \
  43            -subj /CN=TestIntermediateCA \
  44            -out intermediate-csr.pem
  45
  46 # intermediate CA certificate (signed by root CA)
  47 opensslcmd req \
  48            -config ca.cnf \
  49            -x509 \
  50            -days 1825 \
  51            -CA root-cert.pem \
  52            -CAkey root-key.pem \
  53            -in intermediate-csr.pem \
  54            -copy_extensions copyall \
  55            -out intermediate-cert.pem
  56 #####
  57
  58 # server key
  59 opensslcmd genpkey \
  60            -algorithm EC \
  61            -pkeyopt ec_paramgen_curve:prime256v1 \
  62            -pkeyopt ec_param_enc:named_curve \
  63            -out server-key.pem
  64
  65 # server certificate-signing-request
  66 opensslcmd req \
  67            -config ca.cnf \
  68            -extensions usr_cert \
  69            -new \
  70            -key server-key.pem \
  71            -subj /CN=TestServerCA \
  72            -out server-csr.pem
  73
  74 # server certificate (signed by intermediate CA)
  75 opensslcmd req \
  76            -config ca.cnf \
  77            -extensions usr_cert \
  78            -x509 \
  79            -days 365 \
  80            -CA intermediate-cert.pem \
  81            -CAkey intermediate-key.pem \
  82            -in server-csr.pem \
  83            -copy_extensions copyall \
  84            -out server-cert.pem
  85 #####
  86
  87 rm -f index.txt index.txt.attr
  88 echo -n > index.txt
  89 opensslcmd ca \
  90            -config ca.cnf \
  91            -valid server-cert.pem \
  92            -keyfile intermediate-key.pem \
  93            -cert intermediate-cert.pem
  94 rm -f index.txt.old
  95 #####
  96
  97 cat server-cert.pem server-key.pem intermediate-cert.pem > server.pem
  98 cat intermediate-cert.pem intermediate-key.pem > ocsp.pem
  99
 100 echo "Done."