tyler.durden/icinga2
1
0
Fork 0
mirror of https://github.com/Icinga/icinga2.git synced 2025-08-24 19:18:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
icinga2/third-party/boost-wintls/test/test_certificates/generate_certs.sh

48 lines
3.1 KiB
Bash
Raw Permalink Blame History

# This script is used to generate all the files in ./gen using the config files from ./conf.
# These files are used from the unit tests in certificate_test.cpp
# Clear all previously generated files
rm -rf gen
mkdir -p gen
# Generate self signed Root certificate valid for 100 years
openssl req -days 36525 -nodes -new -x509 -keyout gen/ca_root.key -out gen/ca_root.crt -config conf/ca_root.conf
# Request intermediate certificate
openssl req -nodes -new -keyout gen/ca_intermediate.key -out gen/ca_intermediate.csr -config conf/ca_intermediate.conf
# Request leaf certificates
openssl req -nodes -new -keyout gen/leaf.key -out gen/leaf.csr -config conf/leaf.conf
openssl req -nodes -new -keyout gen/leaf_ocsp.key -out gen/leaf_ocsp.csr -config conf/leaf_ocsp.conf
openssl req -nodes -new -keyout gen/leaf_ocsp_revoked.key -out gen/leaf_ocsp_revoked.csr -config conf/leaf_ocsp.conf
openssl req -nodes -new -keyout gen/ocsp_signer_ca_intermediate.key -out gen/ocsp_signer_ca_intermediate.csr -config conf/ocsp_signer_ca_intermediate.conf
# Setup for signing the subordinate certificates
touch gen/certindex
echo 01 > gen/certserial
echo 01 > gen/crlnumber
mkdir -p gen/newcerts
# Sign intermediate certificate
openssl x509 -req -CA gen/ca_root.crt -CAkey gen/ca_root.key -CAcreateserial -days 36525 -extensions req_v3_ca -extfile conf/ca_intermediate.conf -in gen/ca_intermediate.csr -out gen/ca_intermediate.crt
# Sign leaf certificates
SIGN_LEAF_COMMON_PARAMS="ca -config conf/ca_intermediate.conf -extensions req_v3_usr -batch"
openssl $SIGN_LEAF_COMMON_PARAMS -extfile conf/leaf.conf -in gen/leaf.csr -out gen/leaf.crt
openssl $SIGN_LEAF_COMMON_PARAMS -extfile conf/leaf_ocsp.conf -in gen/leaf_ocsp.csr -out gen/leaf_ocsp.crt
openssl $SIGN_LEAF_COMMON_PARAMS -extfile conf/leaf_ocsp.conf -in gen/leaf_ocsp_revoked.csr -out gen/leaf_ocsp_revoked.crt
openssl $SIGN_LEAF_COMMON_PARAMS -extfile conf/ocsp_signer_ca_intermediate.conf -in gen/ocsp_signer_ca_intermediate.csr -out gen/ocsp_signer_ca_intermediate.crt
# Create certificate chains for the leaf certificates
cat gen/leaf.crt gen/ca_intermediate.crt gen/ca_root.crt > gen/leaf_chain.pem
cat gen/leaf_ocsp.crt gen/ca_intermediate.crt gen/ca_root.crt > gen/leaf_ocsp_chain.pem
cat gen/leaf_ocsp_revoked.crt gen/ca_intermediate.crt gen/ca_root.crt > gen/leaf_ocsp_revoked_chain.pem
# Generate empty CRL
openssl ca -config conf/ca_root.conf -gencrl -out gen/ca_root_empty.crl.pem
openssl ca -config conf/ca_intermediate.conf -gencrl -out gen/ca_intermediate_empty.crl.pem
# Revoke leaf.crt and leaf_ocsp_revoked.crt
openssl ca -config conf/ca_intermediate.conf -revoke gen/leaf.crt
openssl ca -config conf/ca_intermediate.conf -revoke gen/leaf_ocsp_revoked.crt
# Generate CRL including the revoked certificates
openssl ca -config conf/ca_intermediate.conf -gencrl -out gen/ca_intermediate_leaf_revoked.crl.pem
Reference in New Issue View Git Blame Copy Permalink