Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- DHPARAM_BITS=1024
- KEY_BITS=2048
- DAYS=730
- if [ "$1" = "force" ] || [ "$1" = "clean" ]; then
- echo;echo "----[ Delete ]----------------------------------------------------------";echo
- rm dh -v
- rm ca.key -v
- rm ca.pem -v
- rm ca.crt -v
- rm server.key -v
- rm server.req -v
- rm server.pem -v
- rm server.crt -v
- rm client.key -v
- rm client.req -v
- rm client.pem -v
- rm client.crt -v
- rm client.p12 -v
- rm serial* -v
- rm *.pem -v
- rm index* -v
- fi
- if [ "$1" != "clean" ]; then
- echo 01 > serial
- echo >> serial
- echo > index.txt
- :> index.txt
- echo;echo "----[ DHPARAM ]---------------------------------------------------------";echo
- if [ ! -f dh ]; then
- openssl dhparam -text -check -out dh "$DHPARAM_BITS"
- fi
- echo;echo "----[ CA key ]----------------------------------------------------------";echo
- if [ ! -f ca.key ]; then
- openssl genrsa -des3 -out ca.key "$KEY_BITS"
- fi
- echo;echo "----[ CA (PEM) ]--------------------------------------------------------";echo
- if [ ! -f ca.pem ]; then
- openssl req -config custom_openssl.cnf -new -x509 -days "$DAYS" -key ca.key -out ca.pem
- fi
- echo;echo "----[ CA (DER) ]--------------------------------------------------------";echo
- if [ ! -f ca.crt ]; then
- openssl x509 -outform der -in ca.pem -out ca.crt
- fi
- echo;echo "----[ Server key ]------------------------------------------------------";echo
- if [ ! -f server.key ]; then
- openssl genrsa -des3 -out server.key "$KEY_BITS"
- fi
- echo;echo "----[ Server certificate signing request ]------------------------------";echo
- if [ ! -f server.req ]; then
- openssl req -config custom_openssl.cnf -new -key server.key -out server.req
- fi
- echo;echo "----[ Server certificate (PEM) ]----------------------------------------";echo
- if [ ! -f server.pem ]; then
- openssl ca -config custom_openssl.cnf -in server.req -out server.pem -keyfile ca.key -cert ca.pem -days "$DAYS" -extensions xpserver_ext -batch -policy policy_anything
- fi
- echo;echo "----[ Server certificate (DER) ]----------------------------------------";echo
- if [ ! -f server.crt ]; then
- openssl x509 -outform der -in server.pem -out server.crt
- fi
- echo;echo "----[ Client key ]------------------------------------------------------";echo
- if [ ! -f client.key ]; then
- openssl genrsa -des3 -out client.key "$KEY_BITS"
- fi
- echo;echo "----[ Client certificate signing request ]------------------------------";echo
- if [ ! -f client.req ]; then
- openssl req -config custom_openssl.cnf -new -key client.key -out client.req
- fi
- echo;echo "----[ Client certificate (PEM) ]----------------------------------------";echo
- if [ ! -f client.pem ]; then
- openssl ca -config custom_openssl.cnf -in client.req -out client.pem -keyfile ca.key -cert ca.pem -days "$DAYS" -extensions xpclient_ext -batch -policy policy_anything
- fi
- echo;echo "----[ Client certificate (DER) ]----------------------------------------";echo
- if [ ! -f client.crt ]; then
- openssl x509 -outform der -in client.pem -out client.crt
- fi
- echo;echo "----[ Export client certificate to PKCS ]-------------------------------";echo
- if [ ! -f client.p12 ]; then
- openssl pkcs12 -export -in client.pem -inkey client.key -certfile ca.pem -out client.p12
- fi
- fi
- echo;echo "----[ END ]-------------------------------------------------------------";echo
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement