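#!/bin/sh
#
# Build a small demo PKI with OpenSSL and CA.pl: a self-signed root CA,
# one client certificate and one server certificate, each exported as
# PKCS#12 (.p12), PEM and DER.
#
# Usage: run from a scratch directory that contains an "xpextensions"
# file defining the [xpclient_ext] and [xpserver_ext] sections used when
# signing. SSL may point at the OpenSSL install prefix (default
# /usr/local/ssl); its bin/ and misc/ (where CA.pl lives) are prepended
# to PATH.
#
# Security notes:
#   - PASSWORD="whatever" is a placeholder shared by every private key and
#     PKCS#12 bundle; change it before producing anything that is trusted.
#   - Passwords are handed to openssl as "pass:..." / "-key" arguments,
#     which are visible to other users through process listings while
#     openssl runs. Prefer a "file:" or "env:" password source outside
#     throwaway setups.
#   - The script deletes demoCA/, roo*, cert*, *.pem and *.der from the
#     current directory before starting; never run it where real CA
#     material lives.
#
# Each section uses its own ROOT / CLIENT / SERVER variable set, matching
# the file names it writes (root.*, cert-clt.*, cert-srv.*). The CA key is
# the root key, so both signing steps unlock it with PASSWORD_ROOT.
#
# Exit codes: 1 key/request generation failed, 2 CA creation failed,
# 3-4 root export failed, 5-7 server export failed, 8-10 client export
# failed.

SSL=${SSL:-/usr/local/ssl}
export SSL

# Distinguished-name fields answered to the interactive "openssl req" prompts.
COUNTRY="CA"
PROVINCE="Province"
CITY="Some City"
ORGANIZATION="Organization"
ORG_UNIT=$(hostname)
PASSWORD="whatever"        # placeholder; see security notes above
COMMON_NAME_CLIENT="Client certificate"
EMAIL_CLIENT="client@example.com"
PASSWORD_CLIENT=$PASSWORD
COMMON_NAME_SERVER="Server certificate"
EMAIL_SERVER="server@example.com"
PASSWORD_SERVER=$PASSWORD
COMMON_NAME_ROOT="Root certificate"
EMAIL_ROOT="root@example.com"
PASSWORD_ROOT=$PASSWORD
LIFETIME=730               # validity of the self-signed root, in days

PATH=${SSL}/bin/:${SSL}/misc:${PATH}
LD_LIBRARY_PATH=${SSL}/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
export PATH LD_LIBRARY_PATH

# Print a tab-indented banner describing the step that follows.
# Arguments: one banner line per argument.
banner() {
  printf '\n\t\t##################\n'
  for banner_line in "$@"; do
    printf '\t\t%s\n' "$banner_line"
  done
  printf '\t\t##################\n\n'
}

# Start from a clean state (destructive; see header).
rm -rf demoCA roo* cert* *.pem *.der

banner "create private key" "name : name-root" "CA.pl -newcert"
# Self-signed root key and certificate in one step. Prompt order is
# C, ST, L, O, OU, CN, email; -x509 asks for no challenge password.
if ! printf '%s\n' "$COUNTRY" "$PROVINCE" "$CITY" "$ORGANIZATION" \
      "$ORG_UNIT" "$COMMON_NAME_ROOT" "$EMAIL_ROOT" \
    | openssl req -new -x509 -keyout newreq.pem -out newreq.pem \
      -days "$LIFETIME" -passin "pass:$PASSWORD_ROOT" \
      -passout "pass:$PASSWORD_ROOT"; then
  echo "Failed to create root certificate" >&2
  exit 1
fi

banner "create CA" \
  "use just created 'newreq.pem' private key as filename" \
  "CA.pl -newca"
# CA.pl -newca prompts for an existing file holding the CA key/cert and
# builds the demoCA/ tree around it.
echo "newreq.pem" | CA.pl -newca || exit 2

banner "exporting ROOT CA" "CA.pl -newreq" "CA.pl -signreq" \
  "openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.pem" \
  "openssl pkcs12 -in root.cer -out root.pem"
openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem \
  -out root.p12 -cacerts \
  -passin "pass:$PASSWORD_ROOT" -passout "pass:$PASSWORD_ROOT" || exit 3
openssl pkcs12 -in root.p12 -out root.pem \
  -passin "pass:$PASSWORD_ROOT" -passout "pass:$PASSWORD_ROOT" || exit 4
openssl x509 -inform PEM -outform DER -in root.pem -out root.der || exit 4

banner "creating client certificate" "name : name-clt" \
  "client certificate stored as cert-clt.pem" \
  "CA.pl -newreq" "CA.pl -signreq"
# A plain request: after the DN prompts come "challenge password" and
# "optional company name".
if ! printf '%s\n' "$COUNTRY" "$PROVINCE" "$CITY" "$ORGANIZATION" \
      "$ORG_UNIT" "$COMMON_NAME_CLIENT" "$EMAIL_CLIENT" \
      "$PASSWORD_CLIENT" "testing" \
    | openssl req -new -keyout newreq.pem -out newreq.pem \
      -days "$LIFETIME" -passin "pass:$PASSWORD_CLIENT" \
      -passout "pass:$PASSWORD_CLIENT"; then
  echo "Failed to create client certificate" >&2
  exit 1
fi
# Sign with the CA; the two "y" answers confirm signing and committing.
# -passin and -key both carry the CA (root) key password.
if ! printf 'y\ny\n' \
    | openssl ca -policy policy_anything -out newcert.pem \
      -passin "pass:$PASSWORD_ROOT" -key "$PASSWORD_ROOT" \
      -extensions xpclient_ext -extfile xpextensions \
      -infiles newreq.pem; then
  echo "Failed to sign client certificate" >&2
  exit 1
fi
openssl pkcs12 -export -in newcert.pem -inkey newreq.pem \
  -out cert-clt.p12 -clcerts \
  -passin "pass:$PASSWORD_CLIENT" -passout "pass:$PASSWORD_CLIENT" || exit 8
openssl pkcs12 -in cert-clt.p12 -out cert-clt.pem \
  -passin "pass:$PASSWORD_CLIENT" -passout "pass:$PASSWORD_CLIENT" || exit 9
openssl x509 -inform PEM -outform DER -in cert-clt.pem \
  -out cert-clt.der || exit 10

banner "creating server certificate" "name : name-srv" \
  "server certificate stored as cert-srv.pem" \
  "CA.pl -newreq" "CA.pl -signreq"
if ! printf '%s\n' "$COUNTRY" "$PROVINCE" "$CITY" "$ORGANIZATION" \
      "$ORG_UNIT" "$COMMON_NAME_SERVER" "$EMAIL_SERVER" \
      "$PASSWORD_SERVER" "$ORG_UNIT" \
    | openssl req -new -keyout newreq.pem -out newreq.pem \
      -days "$LIFETIME" -passin "pass:$PASSWORD_SERVER" \
      -passout "pass:$PASSWORD_SERVER"; then
  echo "Failed to create server certificate" >&2
  exit 1
fi
if ! printf 'y\ny\n' \
    | openssl ca -policy policy_anything -out newcert.pem \
      -passin "pass:$PASSWORD_ROOT" -key "$PASSWORD_ROOT" \
      -extensions xpserver_ext -extfile xpextensions \
      -infiles newreq.pem; then
  echo "Failed to sign server certificate" >&2
  exit 1
fi
openssl pkcs12 -export -in newcert.pem -inkey newreq.pem \
  -out cert-srv.p12 -clcerts \
  -passin "pass:$PASSWORD_SERVER" -passout "pass:$PASSWORD_SERVER" || exit 5
openssl pkcs12 -in cert-srv.p12 -out cert-srv.pem \
  -passin "pass:$PASSWORD_SERVER" -passout "pass:$PASSWORD_SERVER" || exit 6
openssl x509 -inform PEM -outform DER -in cert-srv.pem \
  -out cert-srv.der || exit 7

banner "DONE. Thank you for your patience."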