#
# Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
# or visit www.oracle.com if you need additional information or have any
# questions.
#

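#!/bin/ksh
#
# needs ksh to run the script.
#
# NOTE: this shebang is not the first line of the file (the license header
# precedes it), so the kernel treats it as a plain comment; invoke the script
# explicitly with ksh.
#
# Builds a three-level certificate hierarchy with OpenSSL:
#   root/                      self-signed root CA
#   subca/                     intermediate CA issued by the root
#   subca/{alice,bob,susan}/   end-entity certificates issued by the sub-CA
# Each step is skipped when its certificate file already exists. All paths are
# relative, and openssl.cnf is read from the current directory.
#
# Security notes:
#   * KEY_SPEC is 1024-bit RSA, which is below the 2048-bit minimum that
#     current guidance expects for RSA, and the certificates are valid for
#     roughly 20 years. NOTE(review): presumably the consumers of these files
#     expect 1024-bit keys -- confirm before raising the size; it is kept in
#     one place so it can be changed in a single edit.
#   * KEY_PASS is a fixed, publicly known passphrase passed on the command
#     line, where "pass:" arguments are visible in the process list. Keys
#     produced by this script must never be trusted for anything but samples
#     or tests.
OPENSSL=openssl
KEY_SPEC=rsa:1024
KEY_PASS=pass:passphrase

# generate a self-signed root certificate
# NOTE(review): with -x509, some OpenSSL releases take certificate extensions
# from -extensions and ignore -reqexts; verify that the generated root really
# carries the cert_issuer extensions, e.g. with
#   openssl x509 -text -noout -in root/root_cert.pem
if [ ! -f root/root_cert.pem ]; then
    if [ ! -d root ]; then
        mkdir root
    fi

    "${OPENSSL}" req -x509 -newkey "${KEY_SPEC}" -keyout root/root_key.pem \
        -out root/root_cert.pem -subj "/C=US/O=Example" \
        -config openssl.cnf -reqexts cert_issuer -days 7650 \
        -passin "${KEY_PASS}" -passout "${KEY_PASS}"
fi

# generate subca cert issuer
# NOTE(review): -days on a "req" without -x509 is expected to be ignored, since
# no certificate is produced there; the validity that matters is the -days
# given to the "x509 -req" signing step. The same applies to the end-entity
# requests below.
if [ ! -f subca/subca_cert.pem ]; then
    if [ ! -d subca ]; then
        mkdir subca
    fi

    "${OPENSSL}" req -newkey "${KEY_SPEC}" -keyout subca/subca_key.pem \
        -out subca/subca_req.pem -subj "/C=US/O=Example/OU=Class-1" \
        -days 7650 -passin "${KEY_PASS}" -passout "${KEY_PASS}"

    "${OPENSSL}" x509 -req -in subca/subca_req.pem -extfile openssl.cnf \
        -extensions cert_issuer -CA root/root_cert.pem \
        -CAkey root/root_key.pem -out subca/subca_cert.pem -CAcreateserial \
        -CAserial root/root_cert.srl -days 7200 -passin "${KEY_PASS}"
fi

# generate certificate for Alice
if [ ! -f subca/alice/alice_cert.pem ]; then
    if [ ! -d subca/alice ]; then
        mkdir -p subca/alice
    fi

    "${OPENSSL}" req -newkey "${KEY_SPEC}" -keyout subca/alice/alice_key.pem \
        -out subca/alice/alice_req.pem \
        -subj "/C=US/O=Example/OU=Class-1/CN=Alice" -days 7650 \
        -passin "${KEY_PASS}" -passout "${KEY_PASS}"

    "${OPENSSL}" x509 -req -in subca/alice/alice_req.pem \
        -extfile openssl.cnf -extensions alice_of_subca \
        -CA subca/subca_cert.pem -CAkey subca/subca_key.pem \
        -out subca/alice/alice_cert.pem -CAcreateserial \
        -CAserial subca/subca_cert.srl -days 7200 -passin "${KEY_PASS}"
fi

# generate certificate for Bob
# The guard tests bob_cert.pem, the file the signing step actually writes.
# The previous guard tested subca/bob/bob.pem, which nothing creates, so Bob's
# key and certificate were regenerated (and a new serial consumed) on every run.
if [ ! -f subca/bob/bob_cert.pem ]; then
    if [ ! -d subca/bob ]; then
        mkdir -p subca/bob
    fi

    "${OPENSSL}" req -newkey "${KEY_SPEC}" -keyout subca/bob/bob_key.pem \
        -out subca/bob/bob_req.pem \
        -subj "/C=US/O=Example/OU=Class-1/CN=Bob" -days 7650 \
        -passin "${KEY_PASS}" -passout "${KEY_PASS}"

    "${OPENSSL}" x509 -req -in subca/bob/bob_req.pem \
        -extfile openssl.cnf -extensions ee_of_subca \
        -CA subca/subca_cert.pem -CAkey subca/subca_key.pem \
        -out subca/bob/bob_cert.pem -CAcreateserial \
        -CAserial subca/subca_cert.srl -days 7200 -passin "${KEY_PASS}"
fi

# generate certificate for Susan
if [ ! -f subca/susan/susan_cert.pem ]; then
    if [ ! -d subca/susan ]; then
        mkdir -p subca/susan
    fi

    "${OPENSSL}" req -newkey "${KEY_SPEC}" -keyout subca/susan/susan_key.pem \
        -out subca/susan/susan_req.pem \
        -subj "/C=US/O=Example/OU=Class-1/CN=Susan" -days 7650 \
        -passin "${KEY_PASS}" -passout "${KEY_PASS}"

    "${OPENSSL}" x509 -req -in subca/susan/susan_req.pem \
        -extfile openssl.cnf -extensions susan_of_subca \
        -CA subca/subca_cert.pem -CAkey subca/subca_key.pem \
        -out subca/susan/susan_cert.pem -CAcreateserial \
        -CAserial subca/subca_cert.srl -days 7200 -passin "${KEY_PASS}"
fi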