blob: bef21f4bfc191006bd63d4ca2ca71356ca9de654 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
#!/bin/sh
# Copyright 2013 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# This script generates a (end-entity, intermediate, root) certificate, where
# the root has no explicit policies associated, the intermediate has multiple
# policies, and the leaf has a single policy.
#
# When validating, supplying no policy OID should not result in an error.
try() {
"$@" || (e=$?; echo "$@" > /dev/stderr; exit $e)
}
try rm -rf out
try mkdir out
# Create the serial number files.
try /bin/sh -c "echo 01 > out/policy-root-serial"
try /bin/sh -c "echo 01 > out/policy-intermediate-serial"
# Create the signers' DB files.
touch out/policy-root-index.txt
touch out/policy-intermediate-index.txt
# Generate the keys
try openssl genrsa -out out/policy-root.key 2048
try openssl genrsa -out out/policy-intermediate.key 2048
try openssl genrsa -out out/policy-cert.key 2048
# Generate the root certificate
COMMON_NAME="Policy Test Root CA" \
CA_DIR=out \
CA_NAME=policy-root \
try openssl req \
-new \
-key out/policy-root.key \
-out out/policy-root.csr \
-config policy.cnf
COMMON_NAME="Policy Test Root CA" \
CA_DIR=out \
CA_NAME=policy-root \
try openssl x509 \
-req -days 3650 \
-in out/policy-root.csr \
-out out/policy-root.pem \
-signkey out/policy-root.key \
-extfile policy.cnf \
-extensions ca_cert \
-text
# Generate the intermediate
COMMON_NAME="Policy Test Intermediate CA" \
CA_DIR=out \
try openssl req \
-new \
-key out/policy-intermediate.key \
-out out/policy-intermediate.csr \
-config policy.cnf
COMMON_NAME="UNUSED" \
CA_DIR=out \
CA_NAME=policy-root \
try openssl ca \
-batch \
-in out/policy-intermediate.csr \
-out out/policy-intermediate.pem \
-config policy.cnf \
-extensions intermediate_cert
# Generate the leaf
COMMON_NAME="policy_test.example" \
CA_DIR=out \
CA_NAME=policy-intermediate \
try openssl req \
-new \
-key out/policy-cert.key \
-out out/policy-cert.csr \
-config policy.cnf
COMMON_NAME="Policy Test Intermediate CA" \
CA_DIR=out \
CA_NAME=policy-intermediate \
try openssl ca \
-batch \
-in out/policy-cert.csr \
-out out/policy-cert.pem \
-config policy.cnf \
-extensions user_cert
try /bin/sh -c "cat out/policy-cert.pem \
out/policy-intermediate.pem \
out/policy-root.pem >../certificates/explicit-policy-chain.pem"
|
