1#!/bin/sh 2 3# Copyright 2013 The Chromium Authors. All rights reserved. 4# Use of this source code is governed by a BSD-style license that can be 5# found in the LICENSE file. 6 7# This script generates a set of test (end-entity, intermediate, root) 8# certificates that can be used to test fetching of an intermediate via AIA. 9 10try() { 11 echo "$@" 12 $@ || exit 1 13} 14 15try rm -rf out 16try mkdir out 17 18# Create the serial number files. 19try echo 1 > out/aia-test-root-serial 20try echo 1 > out/aia-test-intermediate-serial 21 22# Create the signers' DB files. 23touch out/aia-test-root-index.txt 24touch out/aia-test-intermediate-index.txt 25 26# Generate the keys 27try openssl genrsa -out out/aia-test-root.key 2048 28try openssl genrsa -out out/aia-test-intermediate.key 2048 29try openssl genrsa -out out/aia-test-cert.key 2048 30 31# Generate the root certificate 32CA_COMMON_NAME="AIA Test Root CA" \ 33 CA_DIR=out \ 34 CA_NAME=aia-test-root \ 35 try openssl req \ 36 -new \ 37 -key out/aia-test-root.key \ 38 -out out/aia-test-root.csr \ 39 -config aia-test.cnf 40 41CA_COMMON_NAME="AIA Test Root CA" \ 42 CA_DIR=out \ 43 CA_NAME=aia-test-root \ 44 try openssl x509 \ 45 -req -days 3650 \ 46 -in out/aia-test-root.csr \ 47 -out out/aia-test-root.pem \ 48 -signkey out/aia-test-root.key \ 49 -extfile aia-test.cnf \ 50 -extensions ca_cert 51 52# Generate the intermediate 53CA_COMMON_NAME="AIA Test Intermediate CA" \ 54 CA_DIR=out \ 55 CA_NAME=aia-test-root \ 56 try openssl req \ 57 -new \ 58 -key out/aia-test-intermediate.key \ 59 -out out/aia-test-intermediate.csr \ 60 -config aia-test.cnf 61 62CA_COMMON_NAME="AIA Test Intermediate CA" \ 63 CA_DIR=out \ 64 CA_NAME=aia-test-root \ 65 try openssl ca \ 66 -batch \ 67 -in out/aia-test-intermediate.csr \ 68 -out out/aia-test-intermediate.pem \ 69 -config aia-test.cnf \ 70 -extensions ca_cert 71 72# Generate the leaf 73CA_COMMON_NAME="aia-host.invalid" \ 74CA_DIR=out \ 75CA_NAME=aia-test-intermediate \ 76try openssl req \ 77 -new \ 78 -key out/aia-test-cert.key \ 79 -out out/aia-test-cert.csr \ 80 -config aia-test.cnf 81 82CA_COMMON_NAME="AIA Test Intermediate CA" \ 83 CA_DIR=out \ 84 CA_NAME=aia-test-intermediate \ 85 AIA_URL=http://aia-test.invalid \ 86 try openssl ca \ 87 -batch \ 88 -in out/aia-test-cert.csr \ 89 -out out/aia-test-cert.pem \ 90 -config aia-test.cnf \ 91 -extensions user_cert 92