X-Git-Url: http://lab.mitty.jp/git/?a=blobdiff_plain;f=openssl%2FCA.sh;fp=openssl%2FCA.sh;h=0000000000000000000000000000000000000000;hb=8333ea00a9fe608c90c20af12ea0c51548f66f4e;hp=3c2c1bac0e06ed80dc98dcf041e59589ace164f7;hpb=920ad9e17feea13643c407944f9452b03bd45b6e;p=lab.git
diff --git a/openssl/CA.sh b/openssl/CA.sh
deleted file mode 100755
index 3c2c1ba..0000000
--- a/openssl/CA.sh
+++ /dev/null
@@ -1,140 +0,0 @@
-#!/bin/sh
-#
-# CA - wrapper around ca to make it easier to use ... basically ca requires
-# some setup stuff to be done before you can use it and this makes
-# things easier between now and when Eric is convinced to fix it :-)
-#
-# CA -newca ... will setup the right stuff
-# CA -newreq ... will generate a certificate request
-# CA -sign ... will sign the generated request and output
-#
-# At the end of that grab newreq.pem and newcert.pem (one has the key
-# and the other the certificate) and cat them together and that is what
-# you want/need ... I'll make even this a little cleaner later.
-#
-#
-# 12-Jan-96 tjh Added more things ... including CA -signcert which
-# converts a certificate to a request and then signs it.
-# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
-# environment variable so this can be driven from
-# a script.
-# 25-Jul-96 eay Cleaned up filenames some more.
-# 11-Jun-96 eay Fixed a few filename missmatches.
-# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
-# 18-Apr-96 tjh Original hacking
-#
-# Tim Hudson
-# tjh@cryptsoft.com
-#
-
-# default openssl.cnf file has setup as per the following
-# demoCA ... where everything is stored
-
-if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi
-
-DAYS="-days 3650" # 10 years
-CADAYS="-days 3650" # 10 years
-REQ="$OPENSSL req $SSLEAY_CONFIG"
-CA="$OPENSSL ca $SSLEAY_CONFIG"
-VERIFY="$OPENSSL verify"
-X509="$OPENSSL x509"
-
-CATOP=./demoCA
-CAKEY=./cakey.pem
-CAREQ=./careq.pem
-CACERT=./cacert.pem
-
-for i
-do
-case $i in
--\?|-h|-help)
- echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" >&2
- exit 0
- ;;
--newcert)
- # create a certificate
- $REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS
- RET=$?
- echo "Certificate is in newcert.pem, private key is in newkey.pem"
- ;;
--newreq)
- # create a certificate request
- $REQ -new -keyout newkey.pem -out newreq.pem $DAYS
- RET=$?
- echo "Request is in newreq.pem, private key is in newkey.pem"
- ;;
--newca)
- # if explicitly asked for or it doesn't exist then setup the directory
- # structure that Eric likes to manage things
- NEW="1"
- if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
- # create the directory hierarchy
- mkdir ${CATOP}
- mkdir ${CATOP}/certs
- mkdir ${CATOP}/crl
- mkdir ${CATOP}/newcerts
- mkdir ${CATOP}/private
- echo "00" > ${CATOP}/serial
- touch ${CATOP}/index.txt
- fi
- if [ ! -f ${CATOP}/private/$CAKEY ]; then
- echo "CA certificate filename (or enter to create)"
- read FILE
-
- # ask user for existing CA certificate
- if [ "$FILE" ]; then
- cp $FILE ${CATOP}/private/$CAKEY
- RET=$?
- else
- echo "Making CA certificate ..."
- $REQ -new -keyout ${CATOP}/private/$CAKEY \
- -out ${CATOP}/$CAREQ
- $CA -out ${CATOP}/$CACERT $CADAYS -batch \
- -keyfile ${CATOP}/private/$CAKEY -selfsign \
- -extensions v3_ca \
- -infiles ${CATOP}/$CAREQ
- RET=$?
- fi
- fi
- ;;
--xsign)
- $CA -policy policy_anything -infiles newreq.pem
- RET=$?
- ;;
--sign|-signreq)
- $CA -policy policy_anything -out newcert.pem -infiles newreq.pem
- RET=$?
- cat newcert.pem
- echo "Signed certificate is in newcert.pem"
- ;;
--signcert)
- echo "Cert passphrase will be requested twice - bug?"
- $X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
- $CA -policy policy_anything -out newcert.pem -infiles tmp.pem
- cat newcert.pem
- echo "Signed certificate is in newcert.pem"
- ;;
--verify)
- shift
- if [ -z "$1" ]; then
- $VERIFY -CAfile $CATOP/$CACERT newcert.pem
- RET=$?
- else
- for j
- do
- $VERIFY -CAfile $CATOP/$CACERT $j
- if [ $? != 0 ]; then
- RET=$?
- fi
- done
- fi
- exit 0
- ;;
-*)
- echo "Unknown arg $i";
- exit 1
- ;;
-esac
-done
-exit $RET
-