1#!/bin/sh
2
3# Copyright 2013 The Chromium Authors. All rights reserved.
4# Use of this source code is governed by a BSD-style license that can be
5# found in the LICENSE file.
6
7# This script generates a set of test (end-entity, intermediate, root)
8# certificates that can be used to test fetching of an intermediate via AIA.
9
# Log a command line to stdout, then run it. The first command that fails
# ends the whole script with status 1, so later steps never run on top of a
# missing or partial key or certificate.
# Arguments: the command and its arguments, exactly as they should be run.
try() {
  echo "$@"
  if ! "$@"; then
    exit 1
  fi
}
14
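# Work from the directory that holds this script. Every path used below
# (out/, aia-test.cnf, ../certificates) is relative, so without this step the
# rm -rf would delete whatever "out" directory exists in the caller's current
# directory.
try cd -- "$(dirname -- "$0")"

# Start from an empty scratch directory for the keys, CSRs and CA state files.
try rm -rf out
try mkdir out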
17
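# Create the serial number files, one per signing CA, each starting at 01
# (presumably consumed by "openssl ca" through aia-test.cnf -- confirm there).
# The redirection runs inside a child shell so that try can log and check
# the complete command.
try /bin/sh -c "echo 01 > out/aia-test-root-serial"
try /bin/sh -c "echo 01 > out/aia-test-intermediate-serial"

# Create the signers' DB files, initially empty. These go through try like
# every other step, so a failure stops the script here instead of surfacing
# later in a signing step.
try touch out/aia-test-root-index.txt
try touch out/aia-test-intermediate-index.txt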
25
# Generate one 2048-bit RSA private key per certificate (root, intermediate,
# end-entity). genrsa is called without a cipher option, so the keys are
# written unencrypted; they are used by the signing steps of this script, and
# the copy step at the end of the script takes certificates only.
for key_name in root intermediate cert; do
  try openssl genrsa -out "out/aia-test-${key_name}.key" 2048
done
30
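# Generate the root certificate: build a CSR for "AIA Test Root CA", then
# self-sign it with the root key (-signkey) for 3650 days using the ca_cert
# extension section of aia-test.cnf.
#
# The CA_* values are handed to openssl through env(1) instead of being
# written as assignments in front of the try function call. POSIX leaves it
# unspecified whether such assignments are exported to the commands a
# function runs, and aia-test.cnf presumably reads them from the environment
# (that file is not part of this script -- confirm). As a side benefit the
# values now appear in the command line that try logs.
#
# NOTE(review): no digest option is given, so the signature hash is whatever
# the installed OpenSSL defaults to.
try env \
  CA_COMMON_NAME="AIA Test Root CA" \
  CA_DIR=out \
  CA_NAME=aia-test-root \
  openssl req \
    -new \
    -key out/aia-test-root.key \
    -out out/aia-test-root.csr \
    -config aia-test.cnf

try env \
  CA_COMMON_NAME="AIA Test Root CA" \
  CA_DIR=out \
  CA_NAME=aia-test-root \
  openssl x509 \
    -req -days 3650 \
    -in out/aia-test-root.csr \
    -out out/aia-test-root.pem \
    -signkey out/aia-test-root.key \
    -extfile aia-test.cnf \
    -extensions ca_cert \
    -text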
52
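# Generate the intermediate: build a CSR for "AIA Test Intermediate CA" from
# the intermediate key, then have "openssl ca" issue the certificate with the
# ca_cert extension section. CA_NAME=aia-test-root names the signer
# (presumably resolved to the root key, serial and index files by
# aia-test.cnf -- confirm there). -batch suppresses the interactive
# confirmation prompts.
#
# The CA_* values go through env(1) rather than as assignments in front of
# the try function call, because POSIX leaves it unspecified whether such
# assignments are exported to the commands a function runs.
try env \
  CA_COMMON_NAME="AIA Test Intermediate CA" \
  CA_DIR=out \
  CA_NAME=aia-test-root \
  openssl req \
    -new \
    -key out/aia-test-intermediate.key \
    -out out/aia-test-intermediate.csr \
    -config aia-test.cnf

try env \
  CA_COMMON_NAME="AIA Test Intermediate CA" \
  CA_DIR=out \
  CA_NAME=aia-test-root \
  openssl ca \
    -batch \
    -in out/aia-test-intermediate.csr \
    -out out/aia-test-intermediate.pem \
    -config aia-test.cnf \
    -extensions ca_cert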
72
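# Generate the leaf: build a CSR with common name "aia-host.invalid" from the
# end-entity key, then have "openssl ca" issue the certificate with the
# user_cert extension section. CA_NAME=aia-test-intermediate names the signer
# (presumably resolved to the intermediate key, serial and index files by
# aia-test.cnf -- confirm there).
#
# AIA_URL is set only for the signing step; presumably user_cert places it in
# the certificate's Authority Information Access extension (confirm in
# aia-test.cnf). Both host names use the reserved .invalid TLD, which never
# resolves in the public DNS, so the certificate cannot point a client at a
# live host.
#
# The values go through env(1) rather than as assignments in front of the try
# function call, because POSIX leaves it unspecified whether such assignments
# are exported to the commands a function runs.
try env \
  CA_COMMON_NAME="aia-host.invalid" \
  CA_DIR=out \
  CA_NAME=aia-test-intermediate \
  openssl req \
    -new \
    -key out/aia-test-cert.key \
    -out out/aia-test-cert.csr \
    -config aia-test.cnf

try env \
  CA_COMMON_NAME="AIA Test Intermediate CA" \
  CA_DIR=out \
  CA_NAME=aia-test-intermediate \
  AIA_URL=http://aia-test.invalid \
  openssl ca \
    -batch \
    -in out/aia-test-cert.csr \
    -out out/aia-test-cert.pem \
    -config aia-test.cnf \
    -extensions user_cert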
93
# Publish the results under the file names that are actually checked in.
# Only certificates are copied: the leaf and root as they were written by the
# steps above, the intermediate re-encoded as DER. The private keys stay in
# out/.
certificates_dir=../certificates
try cp out/aia-test-cert.pem "${certificates_dir}/aia-cert.pem"
try openssl x509 -outform der \
  -in out/aia-test-intermediate.pem \
  -out "${certificates_dir}/aia-intermediate.der"
try cp out/aia-test-root.pem "${certificates_dir}/aia-root.pem"
101