1 # 2 # Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. 3 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 # 5 # This code is free software; you can redistribute it and/or modify it 6 # under the terms of the GNU General Public License version 2 only, as 7 # published by the Free Software Foundation. 8 # 9 # This code is distributed in the hope that it will be useful, but WITHOUT 10 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 # FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 # version 2 for more details (a copy is included in the LICENSE file that 13 # accompanied this code). 14 # 15 # You should have received a copy of the GNU General Public License version 16 # 2 along with this work; if not, write to the Free Software Foundation, 17 # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 # 19 # Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 # or visit www.oracle.com if you need additional information or have any 21 # questions. 22 # 23 24 #!/bin/ksh 25 # 26 # needs ksh to run the script. 27 OPENSSL=openssl 28 29 # generate a self-signed root certificate 30 if [ ! -f root/root_cert.pem ]; then 31 if [ ! -d root ]; then 32 mkdir root 33 fi 34 35 ${OPENSSL} req -x509 -newkey rsa:1024 -keyout root/root_key.pem \ 36 -out root/root_cert.pem -subj "/C=US/O=Example" \ 37 -config openssl.cnf -reqexts cert_issuer -days 7650 \ 38 -passin pass:passphrase -passout pass:passphrase 39 fi 40 41 # generate subca cert issuer 42 if [ ! -f subca/subca_cert.pem ]; then 43 if [ ! -d subca ]; then 44 mkdir subca 45 fi 46 47 ${OPENSSL} req -newkey rsa:1024 -keyout subca/subca_key.pem \ 48 -out subca/subca_req.pem -subj "/C=US/O=Example/OU=Class-1" \ 49 -days 7650 -passin pass:passphrase -passout pass:passphrase 50 51 ${OPENSSL} x509 -req -in subca/subca_req.pem -extfile openssl.cnf \ 52 -extensions cert_issuer -CA root/root_cert.pem \ 53 -CAkey root/root_key.pem -out subca/subca_cert.pem -CAcreateserial \ 54 -CAserial root/root_cert.srl -days 7200 -passin pass:passphrase 55 fi 56 57 # generate certifiacte for Alice 58 if [ ! -f subca/alice/alice_cert.pem ]; then 59 if [ ! -d subca/alice ]; then 60 mkdir -p subca/alice 61 fi 62 63 ${OPENSSL} req -newkey rsa:1024 -keyout subca/alice/alice_key.pem \ 64 -out subca/alice/alice_req.pem \ 65 -subj "/C=US/O=Example/OU=Class-1/CN=Alice" -days 7650 \ 66 -passin pass:passphrase -passout pass:passphrase 67 68 ${OPENSSL} x509 -req -in subca/alice/alice_req.pem \ 69 -extfile openssl.cnf -extensions alice_of_subca \ 70 -CA subca/subca_cert.pem -CAkey subca/subca_key.pem \ 71 -out subca/alice/alice_cert.pem -CAcreateserial \ 72 -CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase 73 fi 74 75 # generate certifiacte for Bob 76 if [ ! -f subca/bob/bob.pem ]; then 77 if [ ! -d subca/bob ]; then 78 mkdir -p subca/bob 79 fi 80 81 ${OPENSSL} req -newkey rsa:1024 -keyout subca/bob/bob_key.pem \ 82 -out subca/bob/bob_req.pem \ 83 -subj "/C=US/O=Example/OU=Class-1/CN=Bob" -days 7650 \ 84 -passin pass:passphrase -passout pass:passphrase 85 86 ${OPENSSL} x509 -req -in subca/bob/bob_req.pem \ 87 -extfile openssl.cnf -extensions ee_of_subca \ 88 -CA subca/subca_cert.pem -CAkey subca/subca_key.pem \ 89 -out subca/bob/bob_cert.pem -CAcreateserial \ 90 -CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase 91 fi 92 93 # generate certifiacte for Susan 94 if [ ! -f subca/susan/susan_cert.pem ]; then 95 if [ ! -d subca/susan ]; then 96 mkdir -p subca/susan 97 fi 98 99 ${OPENSSL} req -newkey rsa:1024 -keyout subca/susan/susan_key.pem \ 100 -out subca/susan/susan_req.pem \ 101 -subj "/C=US/O=Example/OU=Class-1/CN=Susan" -days 7650 \ 102 -passin pass:passphrase -passout pass:passphrase 103 104 ${OPENSSL} x509 -req -in subca/susan/susan_req.pem \ 105 -extfile openssl.cnf -extensions susan_of_subca \ 106 -CA subca/subca_cert.pem -CAkey subca/subca_key.pem \ 107 -out subca/susan/susan_cert.pem -CAcreateserial \ 108 -CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase 109 fi 110