-rwxr-xr-x | net/data/ssl/scripts/generate-duplicate-cn-certs.sh | 23 | ||||
-rwxr-xr-x | net/data/ssl/scripts/generate-redundant-test-chains.sh | 46 | ||||
-rw-r--r-- | net/data/ssl/scripts/redundant-ca.cnf | 46 |
3 files changed, 22 insertions, 93 deletions
diff --git a/net/data/ssl/scripts/generate-duplicate-cn-certs.sh b/net/data/ssl/scripts/generate-duplicate-cn-certs.sh
index a813226..2a31f46c 100755
--- a/net/data/ssl/scripts/generate-duplicate-cn-certs.sh
+++ b/net/data/ssl/scripts/generate-duplicate-cn-certs.sh
@@ -32,12 +32,7 @@ try openssl genrsa -out out/B.key 2048
 echo Generate the B CSR.
 CA_COMMON_NAME="B Root CA" \
- CA_DIR=out \
- CA_NAME=req_env_dn \
- KEY_SIZE=2048 \
- ALGO=rsa \
- CERT_TYPE=root \
- TYPE=B CERTIFICATE=B \
+ CERTIFICATE=B \
 try openssl req \
 -new \
 -key out/B.key \
@@ -46,8 +41,6 @@ CA_COMMON_NAME="B Root CA" \
 echo B signs itself.
 CA_COMMON_NAME="B Root CA" \
- CA_DIR=out \
- CA_NAME=req_env_dn \
 try openssl x509 \
 -req -days 3650 \
 -in out/B.csr \
@@ -75,12 +68,7 @@ SUBJECT_NAME=req_duplicate_cn_2 \
 echo B signs A1.
 CA_COMMON_NAME="B CA" \
- CA_DIR=out \
- CA_NAME=req_env_dn \
- KEY_SIZE=2048 \
- ALGO=sha1 \
- CERT_TYPE=intermediate \
- TYPE=B CERTIFICATE=B \
+ CERTIFICATE=B \
 try openssl ca \
 -batch \
 -extensions user_cert \
@@ -90,12 +78,7 @@ CA_COMMON_NAME="B CA" \
 echo B signs A2.
 CA_COMMON_NAME="B CA" \
- CA_DIR=out \
- CA_NAME=req_env_dn \
- KEY_SIZE=2048 \
- ALGO=sha1 \
- CERT_TYPE=intermediate \
- TYPE=B CERTIFICATE=B \
+ CERTIFICATE=B \
 try openssl ca \
 -batch \
 -extensions user_cert \
diff --git a/net/data/ssl/scripts/generate-redundant-test-chains.sh b/net/data/ssl/scripts/generate-redundant-test-chains.sh
index 27e8003..32a7e0d 100755
--- a/net/data/ssl/scripts/generate-redundant-test-chains.sh
+++ b/net/data/ssl/scripts/generate-redundant-test-chains.sh
@@ -43,12 +43,7 @@ try openssl genrsa -out out/D.key 2048
 echo Generate the D CSR.
 CA_COMMON_NAME="D Root CA" \
- CA_DIR=out \
- CA_NAME=req_env_dn \
- KEY_SIZE=2048 \
- ALGO=rsa \
- CERT_TYPE=root \
- TYPE=D CERTIFICATE=D \
+ CERTIFICATE=D \
 try openssl req \
 -new \
 -key out/D.key \
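Review bot: The scripts now leave the CA working directory to the `CA_DIR = out` default in redundant-ca.cnf while still hard-coding `out/` in `-key out/B.key`, `-in out/B.csr` and the index/serial files, so a `CA_DIR` inherited from the caller's environment would point OpenSSL's database, serial and new_certs_dir somewhere other than the script's own paths (OpenSSL's `$ENV::` lookup only falls back to the config's default section when the variable is unset). Pinning this in the script, e.g. `unset CA_DIR` once near the top or a comment `# CA_DIR is fixed to out/ by redundant-ca.cnf; keep the out/ paths below in sync`, would make the dependency explicit. The same applies to every invocation in generate-redundant-test-chains.sh, whose hunks start here and continue below. The script preamble where this would go is outside the hunk.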
@@ -57,8 +52,6 @@ CA_COMMON_NAME="D Root CA" \
 echo D signs itself.
 CA_COMMON_NAME="D Root CA" \
- CA_DIR=out \
- CA_NAME=req_env_dn \
 try openssl x509 \
 -req -days 3650 \
 -in out/D.csr \
@@ -68,12 +61,7 @@ CA_COMMON_NAME="D Root CA" \
 echo Generate the C2 root CSR.
 CA_COMMON_NAME="C CA" \
- CA_DIR=out \
- CA_NAME=req_env_dn \
- KEY_SIZE=2048 \
- ALGO=rsa \
- CERT_TYPE=root \
- TYPE=C2 CERTIFICATE=C2 \
+ CERTIFICATE=C2 \
 try openssl req \
 -new \
 -key out/C.key \
@@ -82,8 +70,6 @@ CA_COMMON_NAME="C CA" \
 echo C2 signs itself.
 CA_COMMON_NAME="C CA" \
- CA_DIR=out \
- CA_NAME=req_env_dn \
 try openssl x509 \
 -req -days 3650 \
 -in out/C2.csr \
@@ -96,12 +82,7 @@ for i in B C
 do
 name="$i Intermediate CA"
 CA_COMMON_NAME="$i CA" \
- CA_DIR=out \
- CA_NAME=req_env_dn \
- KEY_SIZE=2048 \
- ALGO=rsa \
- CERT_TYPE=root \
- TYPE=$i CERTIFICATE=$i \
+ CERTIFICATE=$i \
 try openssl req \
 -new \
 -key out/$i.key \
@@ -113,12 +94,7 @@ echo D signs the C intermediate.
 # Make sure the signer's DB file exists.
 touch out/D-index.txt
 CA_COMMON_NAME="D Root CA" \
- CA_DIR=out \
- CA_NAME=req_env_dn \
- KEY_SIZE=2048 \
- ALGO=rsa \
- CERT_TYPE=root \
- TYPE=D CERTIFICATE=D \
+ CERTIFICATE=D \
 try openssl ca \
 -batch \
 -extensions ca_cert \
@@ -129,12 +105,7 @@ CA_COMMON_NAME="D Root CA" \
 echo C signs the B intermediate.
 touch out/C-index.txt
 CA_COMMON_NAME="C CA" \
- CA_DIR=out \
- CA_NAME=req_env_dn \
- KEY_SIZE=2048 \
- ALGO=rsa \
- CERT_TYPE=root \
- TYPE=C CERTIFICATE=C \
+ CERTIFICATE=C \
 try openssl ca \
 -batch \
 -extensions ca_cert \
@@ -152,12 +123,7 @@ try openssl req \
 echo B signs A.
 touch out/B-index.txt
 CA_COMMON_NAME="B CA" \
- CA_DIR=out \
- CA_NAME=req_env_dn \
- KEY_SIZE=$signer_key_size \
- ALGO=$signer_algo \
- CERT_TYPE=intermediate \
- TYPE=B CERTIFICATE=B \
+ CERTIFICATE=B \
 try openssl ca \
 -batch \
 -extensions user_cert \
diff --git a/net/data/ssl/scripts/redundant-ca.cnf b/net/data/ssl/scripts/redundant-ca.cnf
index e1b24e0..b03eb81 100644
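Review bot: With `KEY_SIZE=$signer_key_size` and `ALGO=$signer_algo` dropped from the "B signs A" invocation, `signer_key_size` and `signer_algo` have no remaining consumer anywhere in these hunks; if they are not read elsewhere in the script (their definitions are outside the hunk), the assignments and whatever option handling sets them are now dead and should be removed in the same change rather than left to suggest the signer's key size and digest are still configurable. Since the config now hard-codes `default_bits = 2048` and keeps `default_md = sha1`, a one-line comment at the definition site saying the values are no longer honoured would be the minimum. The enclosing script continues outside the hunk.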
--- a/net/data/ssl/scripts/redundant-ca.cnf
+++ b/net/data/ssl/scripts/redundant-ca.cnf
@@ -1,21 +1,18 @@
+CA_DIR = out
+
 [ca]
 default_ca = CA_root
 preserve = yes
 # The default test root, used to generate certificates and CRLs.
 [CA_root]
-dir = $ENV::CA_DIR
-key_size = $ENV::KEY_SIZE
-algo = $ENV::ALGO
-cert_type = $ENV::CERT_TYPE
-type = $ENV::TYPE
-certificate = $ENV::CERTIFICATE
-database = $dir/$type-index.txt
-new_certs_dir = $dir
-serial = $dir/$type-serial
-certificate = $dir/$certificate.pem
-private_key = $dir/$type.key
-RANDFILE = $dir/rand
+dir = ${ENV::CA_DIR}
+database = ${dir}/${ENV::CERTIFICATE}-index.txt
+new_certs_dir = ${dir}
+serial = ${dir}/${ENV::CERTIFICATE}-serial
+certificate = ${dir}/${ENV::CERTIFICATE}.pem
+private_key = ${dir}/${ENV::CERTIFICATE}.key
+RANDFILE = ${dir}/rand
 default_days = 3650
 default_crl_days = 30
 default_md = sha1
@@ -51,30 +48,13 @@ commonName = optional
 emailAddress = optional
 [req]
-# The request section used to generate the root CA certificate. This should
-# not be used to generate end-entity certificates. For certificates other
-# than the root CA, see README to find the appropriate configuration file
-# (ie: openssl_cert.cnf).
-default_bits = $ENV::KEY_SIZE
+# The request section used to generate certificate requests.
+default_bits = 2048
 default_md = sha1
 string_mask = utf8only
 prompt = no
 encrypt_key = no
-distinguished_name = $ENV::CA_NAME
-
-[req_ca_dn]
-C = US
-ST = California
-L = Mountain View
-O = Test CA
-CN = Test Root 2 CA
-
-[req_intermediate_dn]
-C = US
-ST = California
-L = Mountain View
-O = Test CA
-CN = Test Intermediate 2 CA
+distinguished_name = req_env_dn
 [req_env_dn]
-CN = $ENV::CA_COMMON_NAME
+CN = ${ENV::CA_COMMON_NAME}
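Review bot: The added `CA_DIR = out` at the top of redundant-ca.cnf is the default-section fallback that `dir = ${ENV::CA_DIR}` in [CA_root] resolves to when no CA_DIR environment variable is set, but nothing in the file says so and a reader will take the line for an unused leftover. A comment above it, `# Fallback for ${ENV::CA_DIR} below: OpenSSL checks the environment first, then this default section.`, would make the coupling explicit. Worth stating in the same comment is that `${ENV::CERTIFICATE}` deliberately has no such default, so config loading fails rather than silently writing to `out/-index.txt` when a script forgets to set it. `default_md = sha1` in both [CA_root] and [req] is untouched context and presumably intended for these test fixtures, but a short note that these chains are not meant to pass a signature-algorithm policy check would save the next reader a question.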