mirror of
https://github.com/bstansell/conserver.git
synced 2024-12-24 15:06:42 +00:00
56 lines
1.8 KiB
Bash
Executable File
56 lines
1.8 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
#
|
|
# This is a "simple" script that I've used to create test certificates
|
|
# for conserver and it's OpenSSL bits. It's far from perfect...or useful
|
|
# outside of my own purposes. If this helps, cool. In the end I put the
|
|
# rootcert.pem file in my global certs directory (OPENSSL_ROOT/ssl/certs),
|
|
# point the server to server.pem and point the client at client.pem. I
|
|
# then run the c_rehash command.
|
|
#
|
|
# You can also use the sslcacertificatefile options to point the client/server
|
|
# at rootcert.pem instead of populating the global repository
|
|
#
|
|
|
|
[ -f rootreq.pem -a -f rootkey.pem ] || cat <<EOD | openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem -nodes
|
|
US
|
|
California
|
|
Folsom
|
|
conserver.com
|
|
Conserver CA
|
|
conserver.com
|
|
|
|
|
|
|
|
EOD
|
|
[ -f rootcert.pem ] || openssl x509 -req -in rootreq.pem -sha1 -extensions v3_ca -signkey rootkey.pem -out rootcert.pem
|
|
[ -f root.pem ] || cat rootcert.pem rootkey.pem > root.pem
|
|
|
|
[ -f serverreq.pem -a -f serverkey.pem ] || cat <<EOD | openssl req -newkey rsa:1024 -sha1 -keyout serverkey.pem -out serverreq.pem -nodes
|
|
US
|
|
California
|
|
Folsom
|
|
conserver.com
|
|
conserver
|
|
conserver
|
|
|
|
|
|
|
|
EOD
|
|
[ -f servercert.pem ] || openssl x509 -req -in serverreq.pem -sha1 -extensions usr_cert -CA root.pem -CAkey root.pem -CAcreateserial -out servercert.pem
|
|
[ -f server.pem ] || cat servercert.pem serverkey.pem rootcert.pem > server.pem
|
|
|
|
[ -f clientreq.pem -a -f clientkey.pem ] || cat <<EOD | openssl req -newkey rsa:1024 -sha1 -keyout clientkey.pem -out clientreq.pem -nodes
|
|
US
|
|
California
|
|
Folsom
|
|
conserver.com
|
|
console
|
|
console
|
|
|
|
|
|
|
|
EOD
|
|
[ -f clientcert.pem ] || openssl x509 -req -in clientreq.pem -sha1 -extensions usr_cert -CA root.pem -CAkey root.pem -CAcreateserial -out clientcert.pem
|
|
[ -f client.pem ] || cat clientcert.pem clientkey.pem rootcert.pem > client.pem
|