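#
# Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.  Oracle designates this
# particular file as subject to the "Classpath" exception as provided
# by Oracle in the LICENSE file that accompanied this code.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
# or visit www.oracle.com if you need additional information or have any
# questions.
#

#!/bin/ksh
#
# needs ksh to run the script.
#
# Builds a small certificate hierarchy under the current directory:
#
#   root/   self-signed root certificate
#   subca/  intermediate CA certificate issued by the root
#   subca/{alice,bob,susan}/  certificates issued by subca
#
# Each stanza is skipped when the certificate it produces already exists, so
# the script can be re-run without regenerating existing material.
# openssl.cnf must be present in the current directory; it supplies the
# extension sections named on the command lines below.
#
# NOTE(review): the "#!/bin/ksh" line above is not the first line of the file,
# so it is only a comment; invoke the script through ksh explicitly.
#
# NOTE(review): security properties of the generated material
#   - rsa:1024 keys are below the 2048-bit minimum in current guidance.
#     Presumably the consumers of these files depend on this size; confirm
#     before raising it, and do not reuse these keys outside of tests.
#   - Every private key is encrypted with the fixed pass phrase "passphrase",
#     which is passed on the command line and is therefore visible in the
#     process list. Acceptable only for throwaway test keys; OpenSSL also
#     accepts env: and file: pass phrase sources if that ever changes.
#   - "-days" on a plain "req" (no -x509) does not affect the request; the
#     validity of the issued certificates comes from "x509 -req -days 7200".
OPENSSL=openssl

# generate a self-signed root certificate
if [ ! -f root/root_cert.pem ]; then
    mkdir -p root

    "${OPENSSL}" req -x509 -newkey rsa:1024 -keyout root/root_key.pem \
        -out root/root_cert.pem -subj "/C=US/O=Example" \
        -config openssl.cnf -reqexts cert_issuer -days 7650 \
        -passin pass:passphrase -passout pass:passphrase
fi

# generate subca cert issuer
if [ ! -f subca/subca_cert.pem ]; then
    mkdir -p subca

    # key pair and signing request for the intermediate CA
    "${OPENSSL}" req -newkey rsa:1024 -keyout subca/subca_key.pem \
        -out subca/subca_req.pem -subj "/C=US/O=Example/OU=Class-1" \
        -days 7650 -passin pass:passphrase -passout pass:passphrase

    # the root signs the request; -CAcreateserial creates the serial file
    # named by -CAserial when it does not exist yet
    "${OPENSSL}" x509 -req -in subca/subca_req.pem -extfile openssl.cnf \
        -extensions cert_issuer -CA root/root_cert.pem \
        -CAkey root/root_key.pem -out subca/subca_cert.pem -CAcreateserial \
        -CAserial root/root_cert.srl -days 7200 -passin pass:passphrase
fi

# generate certificate for Alice
if [ ! -f subca/alice/alice_cert.pem ]; then
    mkdir -p subca/alice

    "${OPENSSL}" req -newkey rsa:1024 -keyout subca/alice/alice_key.pem \
        -out subca/alice/alice_req.pem \
        -subj "/C=US/O=Example/OU=Class-1/CN=Alice" -days 7650 \
        -passin pass:passphrase -passout pass:passphrase

    "${OPENSSL}" x509 -req -in subca/alice/alice_req.pem \
        -extfile openssl.cnf -extensions alice_of_subca \
        -CA subca/subca_cert.pem -CAkey subca/subca_key.pem \
        -out subca/alice/alice_cert.pem -CAcreateserial \
        -CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase
fi

# generate certificate for Bob
# The guard tests bob_cert.pem, the file this stanza writes. Testing any other
# name would never match, so every run would replace Bob's key and certificate
# and issue a new serial number.
if [ ! -f subca/bob/bob_cert.pem ]; then
    mkdir -p subca/bob

    "${OPENSSL}" req -newkey rsa:1024 -keyout subca/bob/bob_key.pem \
        -out subca/bob/bob_req.pem \
        -subj "/C=US/O=Example/OU=Class-1/CN=Bob" -days 7650 \
        -passin pass:passphrase -passout pass:passphrase

    "${OPENSSL}" x509 -req -in subca/bob/bob_req.pem \
        -extfile openssl.cnf -extensions ee_of_subca \
        -CA subca/subca_cert.pem -CAkey subca/subca_key.pem \
        -out subca/bob/bob_cert.pem -CAcreateserial \
        -CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase
fi

# generate certificate for Susan
if [ ! -f subca/susan/susan_cert.pem ]; then
    mkdir -p subca/susan

    "${OPENSSL}" req -newkey rsa:1024 -keyout subca/susan/susan_key.pem \
        -out subca/susan/susan_req.pem \
        -subj "/C=US/O=Example/OU=Class-1/CN=Susan" -days 7650 \
        -passin pass:passphrase -passout pass:passphrase

    "${OPENSSL}" x509 -req -in subca/susan/susan_req.pem \
        -extfile openssl.cnf -extensions susan_of_subca \
        -CA subca/subca_cert.pem -CAkey subca/subca_key.pem \
        -out subca/susan/susan_cert.pem -CAcreateserial \
        -CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase
fi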