projects / webscarab.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add missing classes
[webscarab.git] / doc / cert.sh
1 #!/bin/sh
2
3 if [ ! -d sslcerts ] ; then
4   mkdir sslcerts || die "Couldn't create sslcerts directory"
5 fi
6 if [ ! -d sslcerts/certs ] ; then
7   mkdir sslcerts/certs || die "Couldn't create certs directory"
8 fi
9 if [ ! -d sslcerts/private ] ; then
10   mkdir sslcerts/private || die "Couldn't create private directory"
11 fi
12 if [ ! -f sslcerts/serial ] ; then
13   echo '100001' > sslcerts/serial
14 fi
15 touch sslcerts/certindex.txt
16 if [ ! -f sslcerts/openssl.cnf ] ; then
17   cat <<-EOF > sslcerts/openssl.cnf
18         #
19         # OpenSSL configuration file.
20         #
21
22         # Establish working directory.
23  
24         dir                     = .
25
26         [ ca ]
27         default_ca              = CA_default
28
29         [ CA_default ]
30         serial                  = ./serial
31         database                = ./certindex.txt
32         new_certs_dir           = ./certs
33         certificate             = ./ca_cert.pem
34         private_key             = ./private/ca_key.pem
35         default_days            = 365
36         default_md              = md5
37         preserve                = no
38         email_in_dn             = no
39         nameopt                 = default_ca
40         certopt                 = default_ca
41         policy                  = policy_anything
42
43         [ policy_match ]
44         countryName             = match
45         stateOrProvinceName     = match
46         organizationName        = match
47         organizationalUnitName  = match
48         commonName              = supplied
49         emailAddress            = optional
50
51         [ policy_anything ]
52         countryName             = optional
53         stateOrProvinceName     = optional
54         localityName            = optional
55         organizationName        = optional
56         organizationalUnitName  = optional
57         commonName              = supplied
58         emailAddress            = optional
59
60  
61         [ req ]
62         default_bits            = 1024                  # Size of keys
63         default_keyfile         = key.pem               # name of generated keys
64         default_md              = md5                   # message digest algorithm
65         string_mask             = nombstr               # permitted characters
66         distinguished_name      = req_distinguished_name
67         req_extensions          = v3_req
68  
69         [ req_distinguished_name ]
70         # Variable name                         Prompt string
71         #-------------------------        ----------------------------------
72         0.organizationName      = Organization Name (company)
73         organizationalUnitName  = Organizational Unit Name (department, division)
74         emailAddress            = Email Address
75         emailAddress_max        = 40
76         localityName            = Locality Name (city, district)
77         stateOrProvinceName     = State or Province Name (full name)
78         countryName             = Country Name (2 letter code)
79         countryName_min         = 2
80         countryName_max         = 2
81         commonName              = Common Name (hostname, IP, or your name)
82         commonName_max          = 64
83
84         # Default values for the above, for consistency and less typing.
85         # Variable name                 Value
86         #------------------------  ------------------------------
87         0.organizationName_default      = WebScarab
88         localityName_default            = WebScarab
89         stateOrProvinceName_default     = WebScarab
90         countryName_default             = ZA
91  
92         [ v3_ca ]
93         basicConstraints                = CA:TRUE
94         subjectKeyIdentifier            = hash
95         authorityKeyIdentifier          = keyid:always,issuer:always
96
97         [ v3_req ]
98         basicConstraints                = CA:FALSE
99         subjectKeyIdentifier            = hash
100         EOF
101 fi
102
103 if [ ! -f sslcerts/private/ca_key.pem -a ! -f sslcerts/ca_cert.p12 ] ; then
104   printf "\n\n\n\n\n\n\n" | \
105   openssl req -new -x509 -extensions v3_ca -keyout sslcerts/private/ca_key.pem \
106     -out sslcerts/ca_cert.pem -days 3650 -config ./sslcerts/openssl.cnf \
107     -passin pass:password -passout pass:password
108 fi
109
110 cd sslcerts
111
112 # Create the cert for the specified site
113 if [ ! -f $1-req.pem ] ; then
114   printf "\n\n\n\n\n\n$1\n" | \
115   openssl req -new -nodes \
116     -out $1-req.pem -keyout ./private/$1-key.pem \
117     -days 3650 -config ./openssl.cnf
118 fi
119
120 if [ ! -f $1-cert.pem ] ; then
121   printf "y\ny\n" | \
122   openssl ca -out $1-cert.pem -days 3650 \
123     -key password -config ./openssl.cnf -infiles $1-req.pem
124 fi
125
126 if [ ! -f ../$1.p12 ] ; then
127   openssl pkcs12 -export -in $1-cert.pem -inkey ./private/$1-key.pem \
128     -certfile ca_cert.pem -out ../$1.p12 -password pass:password
129 fi
130
Rogan Dawes' WebScarab repository