hs-tls/test-scripts/generate-server-certkey

#!/bin/sh -e


#make req

cat > server.rsa.req << EOF
[ req ]
default_bits        = 2048
default_keyfile     = server.rsa.key
distinguished_name  = req_distinguished_name
req_extensions      = v3_req
x509_extensions     = v3_ca

[req_distinguished_name]
C_default = US
C_min = 2
C_max = 2

O =
O_default = MyTest

O.0U =
0.OU_default = default
1.OU_default = PKI
2.OU_default = ABCD
commonName_default = www.mytest.com
commonName_max = 64
emailAddress_default = test@test.com

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment

[ v3_ca ]
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always,issuer:always
subjectAltName         = email:test@test.com
issuerAltName          = issuer:copy
EOF

cat > server.dsa.req << EOF
[ req ]
keyfile     = server.dsa.key
distinguished_name  = req_distinguished_name
req_extensions      = v3_req
x509_extensions     = v3_ca

[req_distinguished_name]
C_default = US
C_min = 2
C_max = 2

O =
O_default = MyTest

O.0U =
0.OU_default = default
1.OU_default = PKI
2.OU_default = ABCD
commonName_default = www.mytest.com
commonName_max = 64
emailAddress_default = test@test.com

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment

[ v3_ca ]
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always,issuer:always
subjectAltName         = email:test@test.com
issuerAltName          = issuer:copy
EOF

openssl genrsa -out server.rsa.key 1024
#openssl rsa -in server.rsa.key -out server.pem

openssl req -config server.rsa.req -key server.rsa.key -new -nodes -out server.rsa.crt -extensions v3_req -x509
#openssl x509 -req -days 1000 -in server.rsa.req -signkey server.rsa.key -out server.rsa.crt

openssl dsaparam -out server.dsa.params 1024
openssl gendsa server.dsa.params -out server.dsa.key

openssl req -config server.dsa.req -key server.dsa.key -new -nodes -out server.dsa.crt -extensions v3_req -x509
#openssl x509 -req -days 1000 -in server.dsa.req -signkey server.dsa.key -out server.dsa.crt

cat > dhparams << EOF
Params {params_p = 10719171887047462424462377894372628069923269478878247097091798192644237231396492564025928794300391495193820465477    538346762614835402050938824463012084274379, params_g = 2}
EOF
generate DSA certificate and RSA certificate with proper extensions for tests 2013-12-28 15:30:37 +00:00			`#!/bin/sh -e`
add a script to generate a cert key pair through openssl 2011-12-06 00:22:06 +00:00
generate DSA certificate and RSA certificate with proper extensions for tests 2013-12-28 15:30:37 +00:00
			`#make req`

			`cat > server.rsa.req << EOF`
			`[ req ]`
			`default_bits = 2048`
			`default_keyfile = server.rsa.key`
			`distinguished_name = req_distinguished_name`
			`req_extensions = v3_req`
			`x509_extensions = v3_ca`

			`[req_distinguished_name]`
			`C_default = US`
			`C_min = 2`
			`C_max = 2`

			`O =`
			`O_default = MyTest`

			`O.0U =`
			`0.OU_default = default`
			`1.OU_default = PKI`
			`2.OU_default = ABCD`
			`commonName_default = www.mytest.com`
			`commonName_max = 64`
			`emailAddress_default = test@test.com`

			`[ v3_req ]`
			`basicConstraints = CA:FALSE`
			`keyUsage = digitalSignature, nonRepudiation, keyEncipherment`

			`[ v3_ca ]`
			`subjectKeyIdentifier = hash`
			`authorityKeyIdentifier = keyid:always,issuer:always`
			`subjectAltName = email:test@test.com`
			`issuerAltName = issuer:copy`
			`EOF`

			`cat > server.dsa.req << EOF`
			`[ req ]`
			`keyfile = server.dsa.key`
			`distinguished_name = req_distinguished_name`
			`req_extensions = v3_req`
			`x509_extensions = v3_ca`

			`[req_distinguished_name]`
			`C_default = US`
			`C_min = 2`
			`C_max = 2`

			`O =`
			`O_default = MyTest`

			`O.0U =`
			`0.OU_default = default`
			`1.OU_default = PKI`
			`2.OU_default = ABCD`
			`commonName_default = www.mytest.com`
			`commonName_max = 64`
			`emailAddress_default = test@test.com`

			`[ v3_req ]`
			`basicConstraints = CA:FALSE`
			`keyUsage = digitalSignature, nonRepudiation, keyEncipherment`

			`[ v3_ca ]`
			`subjectKeyIdentifier = hash`
			`authorityKeyIdentifier = keyid:always,issuer:always`
			`subjectAltName = email:test@test.com`
			`issuerAltName = issuer:copy`
			`EOF`

			`openssl genrsa -out server.rsa.key 1024`
			`#openssl rsa -in server.rsa.key -out server.pem`

			`openssl req -config server.rsa.req -key server.rsa.key -new -nodes -out server.rsa.crt -extensions v3_req -x509`
			`#openssl x509 -req -days 1000 -in server.rsa.req -signkey server.rsa.key -out server.rsa.crt`

			`openssl dsaparam -out server.dsa.params 1024`
			`openssl gendsa server.dsa.params -out server.dsa.key`

			`openssl req -config server.dsa.req -key server.dsa.key -new -nodes -out server.dsa.crt -extensions v3_req -x509`
			`#openssl x509 -req -days 1000 -in server.dsa.req -signkey server.dsa.key -out server.dsa.crt`
generate some dhparams 2013-12-29 07:14:08 +00:00
			`cat > dhparams << EOF`
			`Params {params_p = 10719171887047462424462377894372628069923269478878247097091798192644237231396492564025928794300391495193820465477 538346762614835402050938824463012084274379, params_g = 2}`
			`EOF`