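#!/bin/bash

# (c) CopyRight EdelWeb for EdelKey and OpenEvidence, 2000-2004, 2009
# Author: Peter Sylvester

# "libre" for integration with curl

# Usage: genroot.sh <name>
#
# Generates a self-signed root CA from the OpenSSL configuration file
# <name>-ca.prm in the current directory. Files written:
#   <name>-ca.key              RSA private key
#   <name>-ca.csr              certificate signing request
#   <name>-<serial>-ca.cacert  self-signed certificate
#   <name>-ca.cacert           text dump of the certificate plus the certificate
#   <name>-ca.der              certificate in DER form
#   <name>-ca.crt              text dump of the certificate plus the certificate
#
# Key-handling caveats for anyone reusing this outside a test tree:
#   * genrsa is given no cipher option, so the private key is written
#     unencrypted; -passout/-passin carry a fixed literal and do not
#     protect the key file.
#   * The serial number is derived from the clock and the shell PID, so it
#     is unique-ish but not random.

# Stop at the first failing step so a later command never runs against a
# missing or partial key/CSR, and treat unset variables as errors.
set -eu

OPENSSL=openssl
if [ -f /usr/local/ssl/bin/openssl ]; then
  OPENSSL=/usr/local/ssl/bin/openssl
fi

# Print the usage line (the original ran a string that echoed literal
# backslashes around <name>).
usage() {
  echo "Usage is genroot.sh <name>" >&2
}

# HOME is deliberately pointed at the working directory.
# NOTE(review): presumably so openssl's per-user state (and any $ENV::HOME
# reference in the .prm file) stays inside this directory - confirm.
HOME=$(pwd)
cd "$HOME"

KEYSIZE=2048
DURATION=6000

PREFIX=${1:-}
NOTOK=
if [ -z "$PREFIX" ]; then
  echo "No configuration prefix" >&2
  NOTOK=1
elif [ ! -f "$PREFIX-ca.prm" ]; then
  echo "No configuration file $PREFIX-ca.prm" >&2
  NOTOK=1
fi

if [ -n "$NOTOK" ]; then
  echo "Sorry, I can't do that for you." >&2
  usage
  # Report the failure to the caller; a bare "exit" returned the status of
  # the preceding echo, i.e. success.
  exit 1
fi

# Serial = (epoch seconds followed by the last four digits of epoch+PID) - 1.
GETSERIAL="\$t = time ;\$d = \$t . substr(\$t+$$ ,-4,4)-1;print \$d"
SERIAL=$(/usr/bin/env perl -e "$GETSERIAL")

echo "SERIAL=$SERIAL PREFIX=$PREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE"

# The key size must be the last genrsa argument, so it follows the options.
# Uses $OPENSSL like every other step, so one binary produces all artefacts.
echo "openssl genrsa -out $PREFIX-ca.key -passout XXX $KEYSIZE"
"$OPENSSL" genrsa -out "$PREFIX-ca.key" -passout pass:secret "$KEYSIZE"

echo "openssl req -config $PREFIX-ca.prm -new -key $PREFIX-ca.key -out $PREFIX-ca.csr"
"$OPENSSL" req -config "$PREFIX-ca.prm" -new -key "$PREFIX-ca.key" -out "$PREFIX-ca.csr" -passin pass:secret

# Self-sign with SHA-256: SHA-1 certificate signatures are deprecated and
# are refused by current TLS stacks at their default security level.
echo "openssl x509 -set_serial $SERIAL -extfile $PREFIX-ca.prm -days $DURATION -req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-$SERIAL-ca.cacert -sha256 "

"$OPENSSL" x509 -set_serial "$SERIAL" -extfile "$PREFIX-ca.prm" -days "$DURATION" -req -signkey "$PREFIX-ca.key" -in "$PREFIX-ca.csr" -out "$PREFIX-$SERIAL-ca.cacert" -sha256

echo "openssl x509 -text -in $PREFIX-$SERIAL-ca.cacert -nameopt multiline > $PREFIX-ca.cacert "
"$OPENSSL" x509 -text -in "$PREFIX-$SERIAL-ca.cacert" -nameopt multiline > "$PREFIX-ca.cacert"

echo "openssl x509 -in $PREFIX-ca.cacert -outform der -out $PREFIX-ca.der "
"$OPENSSL" x509 -in "$PREFIX-ca.cacert" -outform der -out "$PREFIX-ca.der"

echo "openssl x509 -in $PREFIX-ca.cacert -text -nameopt multiline > $PREFIX-ca.crt "

"$OPENSSL" x509 -in "$PREFIX-ca.cacert" -text -nameopt multiline > "$PREFIX-ca.crt"

echo "openssl x509 -noout -text -in $PREFIX-ca.cacert -nameopt multiline"
"$OPENSSL" x509 -noout -text -in "$PREFIX-ca.cacert" -nameopt multiline

#$OPENSSL rsa -in ../keys/$PREFIX-ca.key -text -noout -pubout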