-
Notifications
You must be signed in to change notification settings - Fork 14
/
gen_all_certs.sh
executable file
·30 lines (26 loc) · 1.46 KB
/
gen_all_certs.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
#!/bin/zsh
# this script generates all certificates and keys for the SCA, TLS, and upload
# all certificates are self-signed
# the DN is taken from the configuration file passed as argument
# -----------------------------------------------------------------
# SCA is valid for 4 years
DAYS_CA=1461
# TLS is valid for 1 year
DAYS_TLS=365
# Upload Cert is valid for 1 year
DAYS_UPLOAD=365
if [ $# -ne 1 ]; then
echo "Usage: $0 DN configuration"
exit 1
fi
source $1
# generate a new directory for each run
subdir=${OSSL_COUNTRY_NAME}_$(date +%Y%m%d%H%M%S)
mkdir -p ${subdir}
# generate the certificates and keys for the SCA, TLS, and upload
#openssl req -x509 -new -days ${DAYS_CA} -newkey ec:<(openssl ecparam -name prime256v1) -extensions ext -keyout ${subdir}/SCA.key -nodes -out ${subdir}/SCA.pem -config sca.conf
openssl req -x509 -new -days ${DAYS_CA} -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -extensions ext -keyout ${subdir}/SCA.key -nodes -out ${subdir}/SCA.pem -config sca.conf
openssl req -x509 -new -days ${DAYS_TLS} -newkey ec:<(openssl ecparam -name prime256v1) -extensions ext -keyout ${subdir}/TLS.key -nodes -out ${subdir}/TLS.pem -config TLSClient.conf
openssl req -x509 -new -days ${DAYS_UPLOAD} -newkey ec:<(openssl ecparam -name prime256v1) -extensions ext -keyout ${subdir}/UP.key -nodes -out ${subdir}/UP.pem -config uploadCert.conf
#special case to only place CA.pem file for self-signed TLS cert as a copy
cat ${subdir}/TLS.pem > ${subdir}/CA.pem