
Untitled

a guest
Jan 17th, 2012
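#!/bin/bash
#
# Builds a small PKI in the current directory: DH parameters, a self-signed
# CA, and one server and one client certificate signed by that CA.
#
# Usage:
#   <script>          create whatever is missing
#   <script> force    delete every generated file, then create everything
#   <script> clean    delete every generated file and stop
#
# Needs custom_openssl.cnf in the current directory. The openssl calls below
# reference its xpserver_ext and xpclient_ext extension sections and its
# policy_anything policy, so it has to define all three.
#
# Environment overrides: DHPARAM_BITS, KEY_BITS, DAYS.

set -eu

# 1024-bit DH groups are within reach of precomputation attacks (Logjam), so
# the default is 2048. Set DHPARAM_BITS in the environment only if a legacy
# peer cannot negotiate the larger group.
DHPARAM_BITS="${DHPARAM_BITS:-2048}"
KEY_BITS="${KEY_BITS:-2048}"
DAYS="${DAYS:-730}"

mode="${1:-}"

# Prints one section rule between two blank lines.
banner() {
    printf '\n%s\n\n' "$1"
}

# build TARGET CMD...
# Runs CMD unless TARGET already exists. A failed CMD must not leave a
# truncated TARGET behind: the next run would see the file and skip the step.
build() {
    local target=$1
    shift
    if [ -f "$target" ]; then
        return 0
    fi
    if ! "$@"; then
        rm -f -- "$target"
        printf 'error: could not create %s\n' "$target" >&2
        exit 1
    fi
}

# Same as build, for files that hold private key material: they are created
# owner-only instead of with whatever umask the caller happens to have.
# NOTE(review): if a daemon running as another user reads the keys straight
# from this directory, grant it access explicitly after generation.
build_private() {
    ( umask 077; build "$@" ) || exit 1
}

if [ "$mode" = "force" ] || [ "$mode" = "clean" ]; then
    banner "----[ Delete ]----------------------------------------------------------"
    # -f: a file that was never generated is not an error here.
    rm -fv -- dh \
        ca.key ca.pem ca.crt \
        server.key server.req server.pem server.crt \
        client.key client.req client.pem client.crt client.p12

    # CA database plus any remaining .pem files (presumably the serial-named
    # copies "openssl ca" writes when new_certs_dir points here - confirm
    # against custom_openssl.cnf). This removes EVERY .pem in the current
    # directory, so keep the directory dedicated to this PKI.
    rm -fv -- serial* *.pem index*
fi

if [ "$mode" != "clean" ]; then
    # Create the CA database only when it is absent. Re-creating it on every
    # run would discard the record of issued certificates and restart serial
    # numbers at 01, so a later run could sign a certificate with a serial
    # that is already in use. "force" and "clean" remove both files above.
    # NOTE(review): with the database kept, re-issuing a single certificate
    # for an unchanged subject may be refused by "openssl ca"; use "force"
    # for a full rebuild.
    [ -f serial ] || printf '01\n\n' > serial
    [ -f index.txt ] || : > index.txt

    banner "----[ DHPARAM ]---------------------------------------------------------"
    build dh openssl dhparam -text -check -out dh "$DHPARAM_BITS"

    # -des3 makes genrsa prompt for a passphrase and encrypt the key with
    # 3DES. NOTE(review): -aes256 is the current choice if nothing that
    # consumes these keys depends on 3DES.
    banner "----[ CA key ]----------------------------------------------------------"
    build_private ca.key openssl genrsa -des3 -out ca.key "$KEY_BITS"

    banner "----[ CA (PEM) ]--------------------------------------------------------"
    build ca.pem openssl req -config custom_openssl.cnf -new -x509 \
        -days "$DAYS" -key ca.key -out ca.pem

    banner "----[ CA (DER) ]--------------------------------------------------------"
    build ca.crt openssl x509 -outform der -in ca.pem -out ca.crt

    banner "----[ Server key ]------------------------------------------------------"
    build_private server.key openssl genrsa -des3 -out server.key "$KEY_BITS"

    banner "----[ Server certificate signing request ]------------------------------"
    build server.req openssl req -config custom_openssl.cnf -new \
        -key server.key -out server.req

    # -batch signs without the interactive confirmation, and the policy named
    # here lives in custom_openssl.cnf (not visible from this script) -
    # presumably it puts no constraint on the request's subject. That is
    # tolerable only because both requests are created by this script; do not
    # feed externally supplied requests through these two steps.
    banner "----[ Server certificate (PEM) ]----------------------------------------"
    build server.pem openssl ca -config custom_openssl.cnf \
        -in server.req -out server.pem -keyfile ca.key -cert ca.pem \
        -days "$DAYS" -extensions xpserver_ext -batch -policy policy_anything

    banner "----[ Server certificate (DER) ]----------------------------------------"
    build server.crt openssl x509 -outform der -in server.pem -out server.crt

    banner "----[ Client key ]------------------------------------------------------"
    build_private client.key openssl genrsa -des3 -out client.key "$KEY_BITS"

    banner "----[ Client certificate signing request ]------------------------------"
    build client.req openssl req -config custom_openssl.cnf -new \
        -key client.key -out client.req

    banner "----[ Client certificate (PEM) ]----------------------------------------"
    build client.pem openssl ca -config custom_openssl.cnf \
        -in client.req -out client.pem -keyfile ca.key -cert ca.pem \
        -days "$DAYS" -extensions xpclient_ext -batch -policy policy_anything

    banner "----[ Client certificate (DER) ]----------------------------------------"
    build client.crt openssl x509 -outform der -in client.pem -out client.crt

    # The PKCS#12 bundle carries the client private key, so it gets the same
    # owner-only treatment as the .key files.
    banner "----[ Export client certificate to PKCS ]-------------------------------"
    build_private client.p12 openssl pkcs12 -export -in client.pem \
        -inkey client.key -certfile ca.pem -out client.p12
fi

banner "----[ END ]-------------------------------------------------------------"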