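#!/bin/sh
#
# Build a demo PKI in the current directory: a self-signed root CA, then one
# client and one server certificate signed by that CA. Each certificate is
# written as PKCS#12 (.p12), PEM (.pem) and DER (.der).
#
# Requires in the current directory: an OpenSSL extension file "xpextensions"
# that defines the xpclient_ext and xpserver_ext sections.
#
# Environment:
#   CA_PASSPHRASE  passphrase protecting every private key and PKCS#12 file
#                  (default: "whatever").
#
# Security notes:
#   * The default passphrase is publicly known. Treat anything generated with
#     it as test material only, and set CA_PASSPHRASE for any other use.
#   * The passphrase is handed to openssl with "env:" instead of "pass:", so it
#     does not appear on the openssl command line or in the trace output.
#   * Output files are created with the caller's umask. They contain
#     passphrase-encrypted private keys, so restrict their permissions before
#     using them anywhere that matters.
#   * Signing uses -policy policy_anything. Review the resulting subject
#     constraints in the active openssl.cnf before reusing this for a real CA.

# Stop at the first failing step. A half-built CA must not go on to sign
# certificates.
set -eu

# Resolve the passphrase before tracing is enabled so its value is not echoed.
CA_PASSPHRASE=${CA_PASSPHRASE:-whatever}
export CA_PASSPHRASE

# Trace commands. The option is set here rather than in the shebang so it also
# applies when the script is started as "sh <script>".
set -x

SSL=/usr/local/ssl
export PATH="${SSL}/bin/:${SSL}/ssl/misc:${PATH}"
export LD_LIBRARY_PATH="${SSL}/lib"

#######################################
# Print a framed banner; each argument becomes one indented line.
# printf is used because "echo -e" is not portable under /bin/sh.
# Arguments: one or more banner lines
# Outputs:   banner on stdout
#######################################
banner() {
  printf '\n\t\t##################\n'
  for banner_line in "$@"; do
    printf '\t\t%s\n' "$banner_line"
  done
  printf '\t\t##################\n\n'
}

#######################################
# Create a key and request, sign it with the demo CA, and export the result.
# Arguments: $1 - extension section in xpextensions to apply
#            $2 - output base name (produces $2.p12, $2.pem, $2.der)
# Globals:   CA_PASSPHRASE (read by openssl through env:)
#######################################
issue_cert() {
  ext_section=$1
  out_base=$2

  # Key and request both go to newreq.pem. -days is ignored by "req" without
  # -x509; the validity of the issued certificate is decided by "openssl ca".
  openssl req -new -keyout newreq.pem -out newreq.pem -days 730 \
    -passin env:CA_PASSPHRASE -passout env:CA_PASSPHRASE

  # The CA key passphrase comes from -passin only, which keeps it off argv.
  openssl ca -policy policy_anything -out newcert.pem \
    -passin env:CA_PASSPHRASE \
    -extensions "$ext_section" -extfile xpextensions -infiles newreq.pem

  openssl pkcs12 -export -in newcert.pem -inkey newreq.pem \
    -out "${out_base}.p12" -clcerts \
    -passin env:CA_PASSPHRASE -passout env:CA_PASSPHRASE
  openssl pkcs12 -in "${out_base}.p12" -out "${out_base}.pem" \
    -passin env:CA_PASSPHRASE -passout env:CA_PASSPHRASE
  openssl x509 -inform PEM -outform DER \
    -in "${out_base}.pem" -out "${out_base}.der"
}

# Remove only the artefacts this script creates. Broad globs such as roo* or
# *.pem combined with -rf would also delete unrelated files and directories
# when the script is run from the wrong place.
rm -rf -- demoCA newreq.pem newcert.pem \
  root.p12 root.pem root.der \
  cert-clt.p12 cert-clt.pem cert-clt.der \
  cert-srv.p12 cert-srv.pem cert-srv.der

banner "create private key" \
  "name : name-root" \
  "CA.pl -newcert"
# Self-signed root certificate and its key, both stored in newreq.pem.
openssl req -new -x509 -keyout newreq.pem -out newreq.pem -days 730 \
  -passin env:CA_PASSPHRASE -passout env:CA_PASSPHRASE

banner "create CA" \
  "use just created 'newreq.pem' private key as filename" \
  "CA.pl -newca"
# CA.pl reads the existing CA file name from stdin and builds demoCA from it.
printf '%s\n' "newreq.pem" | "${SSL}/misc/CA.pl" -newca

banner "exporting ROOT CA" \
  "CA.pl -newreq" \
  "CA.pl -signreq" \
  "openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.pem" \
  "openssl pkcs12 -in root.cer -out root.pem"
openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem \
  -out root.p12 -cacerts \
  -passin env:CA_PASSPHRASE -passout env:CA_PASSPHRASE
# root.p12 and root.pem carry the CA private key as well as the certificate.
# Distribute root.der to relying parties, never these two files.
openssl pkcs12 -in root.p12 -out root.pem \
  -passin env:CA_PASSPHRASE -passout env:CA_PASSPHRASE
openssl x509 -inform PEM -outform DER -in root.pem -out root.der

banner "creating client certificate" \
  "name : name-clt" \
  "client certificate stored as cert-clt.pem" \
  "CA.pl -newreq" \
  "CA.pl -signreq"
issue_cert xpclient_ext cert-clt

banner "creating server certificate" \
  "name : name-srv" \
  "server certificate stored as cert-srv.pem" \
  "CA.pl -newreq" \
  "CA.pl -signreq"
issue_cert xpserver_ext cert-srv

printf '\n\t\t##################\n\n'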