generate DSA certificate and RSA certificate with proper extensions for tests
parent
fa0d01df0d
commit
5a3422cbbc
2 changed files with 90 additions and 11 deletions
|
@ -1,6 +1,85 @@
|
||||||
#!/bin/sh
|
#!/bin/sh -e
|
||||||
|
|
||||||
openssl genrsa -out server.key 1024
|
|
||||||
openssl rsa -in server.key -out server.pem
|
#make req
|
||||||
openssl req -new -subj '/CN=www.mytest.com/O=MyTest/C=US' -key server.key -out server.csr
|
|
||||||
openssl x509 -req -days 1000 -in server.csr -signkey server.key -out server.crt
|
cat > server.rsa.req << EOF
|
||||||
|
[ req ]
|
||||||
|
default_bits = 2048
|
||||||
|
default_keyfile = server.rsa.key
|
||||||
|
distinguished_name = req_distinguished_name
|
||||||
|
req_extensions = v3_req
|
||||||
|
x509_extensions = v3_ca
|
||||||
|
|
||||||
|
[req_distinguished_name]
|
||||||
|
C_default = US
|
||||||
|
C_min = 2
|
||||||
|
C_max = 2
|
||||||
|
|
||||||
|
O =
|
||||||
|
O_default = MyTest
|
||||||
|
|
||||||
|
O.0U =
|
||||||
|
0.OU_default = default
|
||||||
|
1.OU_default = PKI
|
||||||
|
2.OU_default = ABCD
|
||||||
|
commonName_default = www.mytest.com
|
||||||
|
commonName_max = 64
|
||||||
|
emailAddress_default = test@test.com
|
||||||
|
|
||||||
|
[ v3_req ]
|
||||||
|
basicConstraints = CA:FALSE
|
||||||
|
keyUsage = digitalSignature, nonRepudiation, keyEncipherment
|
||||||
|
|
||||||
|
[ v3_ca ]
|
||||||
|
subjectKeyIdentifier = hash
|
||||||
|
authorityKeyIdentifier = keyid:always,issuer:always
|
||||||
|
subjectAltName = email:test@test.com
|
||||||
|
issuerAltName = issuer:copy
|
||||||
|
EOF
|
||||||
|
|
||||||
|
cat > server.dsa.req << EOF
|
||||||
|
[ req ]
|
||||||
|
keyfile = server.dsa.key
|
||||||
|
distinguished_name = req_distinguished_name
|
||||||
|
req_extensions = v3_req
|
||||||
|
x509_extensions = v3_ca
|
||||||
|
|
||||||
|
[req_distinguished_name]
|
||||||
|
C_default = US
|
||||||
|
C_min = 2
|
||||||
|
C_max = 2
|
||||||
|
|
||||||
|
O =
|
||||||
|
O_default = MyTest
|
||||||
|
|
||||||
|
O.0U =
|
||||||
|
0.OU_default = default
|
||||||
|
1.OU_default = PKI
|
||||||
|
2.OU_default = ABCD
|
||||||
|
commonName_default = www.mytest.com
|
||||||
|
commonName_max = 64
|
||||||
|
emailAddress_default = test@test.com
|
||||||
|
|
||||||
|
[ v3_req ]
|
||||||
|
basicConstraints = CA:FALSE
|
||||||
|
keyUsage = digitalSignature, nonRepudiation, keyEncipherment
|
||||||
|
|
||||||
|
[ v3_ca ]
|
||||||
|
subjectKeyIdentifier = hash
|
||||||
|
authorityKeyIdentifier = keyid:always,issuer:always
|
||||||
|
subjectAltName = email:test@test.com
|
||||||
|
issuerAltName = issuer:copy
|
||||||
|
EOF
|
||||||
|
|
||||||
|
openssl genrsa -out server.rsa.key 1024
|
||||||
|
#openssl rsa -in server.rsa.key -out server.pem
|
||||||
|
|
||||||
|
openssl req -config server.rsa.req -key server.rsa.key -new -nodes -out server.rsa.crt -extensions v3_req -x509
|
||||||
|
#openssl x509 -req -days 1000 -in server.rsa.req -signkey server.rsa.key -out server.rsa.crt
|
||||||
|
|
||||||
|
openssl dsaparam -out server.dsa.params 1024
|
||||||
|
openssl gendsa server.dsa.params -out server.dsa.key
|
||||||
|
|
||||||
|
openssl req -config server.dsa.req -key server.dsa.key -new -nodes -out server.dsa.crt -extensions v3_req -x509
|
||||||
|
#openssl x509 -req -days 1000 -in server.dsa.req -signkey server.dsa.key -out server.dsa.crt
|
||||||
|
|
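Review bot: Both key-generation commands at the end of the script request 1024-bit keys (`openssl genrsa -out server.rsa.key 1024`, `openssl dsaparam -out server.dsa.params 1024`), although the RSA request config written just above declares `default_bits = 2048`. Because `-key` hands `openssl req` an existing key, that setting is never consulted. Keys of this size are below what current TLS stacks accept at their default security levels, so the fixtures may be rejected for their size rather than for what the test is meant to exercise; `openssl genrsa -out server.rsa.key 2048` would match the config. The two `openssl req ... -x509` calls also drop the `-days 1000` of the removed command, so the self-signed certificates get OpenSSL's default 30-day validity; adding `-days 1000` to both keeps the fixtures usable beyond a month.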
|
@ -8,23 +8,23 @@ fi
|
||||||
|
|
||||||
PORT=$(($$ % 10000 + 10000))
|
PORT=$(($$ % 10000 + 10000))
|
||||||
|
|
||||||
if [ ! -f server.crt ]; then
|
if [ ! -f server.rsa.crt ]; then
|
||||||
echo "generate some certificate \"server.crt\""
|
echo "generate some certificate \"server.rsa.crt\""
|
||||||
exit 2
|
exit 2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ ! -f server.key ]; then
|
if [ ! -f server.rsa.key ]; then
|
||||||
echo "generate some private key \"server.key\""
|
echo "generate some private key \"server.rsa.key\""
|
||||||
exit 2
|
exit 2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "running stunnel"
|
echo "running stunnel"
|
||||||
${STUNNEL} server --certificate server.crt --key server.key --source=localhost:${PORT} --destination-type=fd --destination=2 > stunnel-gnutls-log 2>&1 &
|
${STUNNEL} server --certificate server.rsa.crt --key server.rsa.key --certificate server.dsa.crt --key server.dsa.key --source=localhost:${PORT} --destination-type=fd --debug --destination=2 > stunnel-gnutls-log 2>&1 &
|
||||||
stunnelpid=$(pidof stunnel)
|
stunnelpid=$(pidof stunnel)
|
||||||
STUNNELPID=$!
|
STUNNELPID=$!
|
||||||
sleep 1
|
sleep 1
|
||||||
|
|
||||||
echo "starting gnutls cli debug"
|
echo "starting gnutls cli debug"
|
||||||
gnutls-cli-debug localhost -p ${PORT} -VV
|
gnutls-cli-debug localhost -p ${PORT} -V -V
|
||||||
|
|
||||||
kill ${STUNNELPID}
|
kill ${STUNNELPID}
|
||||||
|
|
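Review bot: The stunnel command now also loads `server.dsa.crt` and `server.dsa.key`, but the guards above it only test for `server.rsa.crt` and `server.rsa.key`. If the DSA pair is missing, the error goes only to `stunnel-gnutls-log` because the server is started in the background, and `gnutls-cli-debug` then runs against a port that presumably has no listener. A guard in the style of the existing ones would catch this up front: `for f in server.dsa.crt server.dsa.key; do [ -f "$f" ] || { echo "generate \"$f\""; exit 2; }; done`. The script begins before this hunk, which opens at line 8 with `fi`, so earlier setup is not visible here.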