Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

tests/certs/scripts: generate also CRL

... and make it possible to do so without any user interaction
  • Loading branch information...
commit 645bdd837a0345a04d01a32e89b94571228a864b 1 parent c03cbb3
@kdudka kdudka authored
View
11 tests/certs/EdelCurlRoot-ca.cnf
@@ -0,0 +1,11 @@
+[ ca ]
+default_ca = EdelCurlRoot
+
+[ EdelCurlRoot ]
+database = EdelCurlRoot-ca.db
+certificate = EdelCurlRoot-ca.crt
+private_key = EdelCurlRoot-ca.key
+crlnumber = EdelCurlRoot-ca.cnt
+default_md = sha1
+default_days = 365
+default_crl_days = 30
View
7 tests/certs/scripts/genroot.sh
@@ -40,8 +40,11 @@ SERIAL=`/usr/bin/env perl -e "$GETSERIAL"`
echo SERIAL=$SERIAL PREFIX=$PREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE
-echo "openssl req -config $PREFIX-ca.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-ca.key -out $PREFIX-ca.csr"
-$OPENSSL req -config $PREFIX-ca.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-ca.key -out $PREFIX-ca.csr
+echo "openssl genrsa -out $PREFIX-ca.key $KEYSIZE -passout XXX"
+openssl genrsa -out $PREFIX-ca.key $KEYSIZE -passout pass:secret
+
+echo "openssl req -config $PREFIX-ca.prm -new -key $PREFIX-ca.key -out $PREFIX-ca.csr"
+$OPENSSL req -config $PREFIX-ca.prm -new -key $PREFIX-ca.key -out $PREFIX-ca.csr -passin pass:secret
echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-ca.prm -days $DURATION -req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-$SERIAL.ca-cacert -sha1 "
View
16 tests/certs/scripts/genserv.sh
@@ -39,7 +39,7 @@ if [ ".$CAPREFIX" = . ] ; then
NOTOK=1
else
if [ ! -f $CAPREFIX-ca.cacert ] ; then
- echo No CA certficate file $PREFIX-ca.caert
+ echo No CA certficate file $CAPREFIX-ca.caert
NOTOK=1
fi
if [ ! -f $CAPREFIX-ca.key ] ; then
@@ -74,7 +74,6 @@ fi
echo "openssl rsa -in $PREFIX-sv.key -out $PREFIX-sv.key"
$OPENSSL rsa -in $PREFIX-sv.key -out $PREFIX-sv.key -passin pass:secret
echo pseudo secrets generated
-read
echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-sv.prm -days $DURATION -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -in $PREFIX-sv.csr -req -out $PREFIX-sv.crt -text -nameopt multiline -sha1"
@@ -85,16 +84,23 @@ if [ "$P12." = YES. ] ; then
echo "$OPENSSL pkcs12 -export -des3 -out $PREFIX-sv.p12 -caname $CAPREFIX -name $PREFIX -inkey $PREFIX-sv.key -in $PREFIX-sv.crt -certfile $CAPREFIX-ca.crt "
$OPENSSL pkcs12 -export -des3 -out $PREFIX-sv.p12 -caname $CAPREFIX -name $PREFIX -inkey $PREFIX-sv.key -in $PREFIX-sv.crt -certfile $CAPREFIX-ca.crt
-
- read
fi
echo "openssl x509 -noout -text -hash -in $PREFIX-sv.selfcert -nameopt multiline"
$OPENSSL x509 -noout -text -hash -in $PREFIX-sv.crt -nameopt multiline
+# revoke server cert
+touch $CAPREFIX-ca.db
+echo 01 > $CAPREFIX-ca.cnt
+echo "openssl ca -config $CAPREFIX-ca.cnf -revoke $PREFIX-sv.crt"
+$OPENSSL ca -config $CAPREFIX-ca.cnf -revoke $PREFIX-sv.crt
+
+# issue CRL
+echo "openssl ca -config $CAPREFIX-ca.cnf -gencrl -out $PREFIX-sv.crl"
+$OPENSSL ca -config $CAPREFIX-ca.cnf -gencrl -out $PREFIX-sv.crl
+
echo "openssl x509 -in $PREFIX-sv.crt -outform der -out $PREFIX-sv.der "
$OPENSSL x509 -in $PREFIX-sv.crt -outform der -out $PREFIX-sv.der
-read
# all together now
touch $PREFIX-sv.dhp
Please sign in to comment.
Something went wrong with that request. Please try again.