diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2013-07-17 17:30:04 +0200 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2013-07-17 22:45:01 +0200 |
| commit | a0957d55059f0b6052235737f7441fc35da41afd (patch) | |
| tree | 8be825e920d6e516ef62647c5aa97df1b66012ec /test/smime-certs/mksmime-certs.sh | |
| parent | Custom key wrap option for cms utility. (diff) | |
| download | openssl-a0957d55059f0b6052235737f7441fc35da41afd.tar.xz openssl-a0957d55059f0b6052235737f7441fc35da41afd.zip | |
Scripts to recreate S/MIME test certificates.
Add a script to generate keys and certificates for the S/MIME and CMS
tests.
Update certificates and add EC examples.
Diffstat (limited to 'test/smime-certs/mksmime-certs.sh')
| -rw-r--r-- | test/smime-certs/mksmime-certs.sh | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/test/smime-certs/mksmime-certs.sh b/test/smime-certs/mksmime-certs.sh new file mode 100644 index 0000000000..37c5633dc0 --- /dev/null +++ b/test/smime-certs/mksmime-certs.sh @@ -0,0 +1,61 @@ +#!/bin/sh + +# Utility to recreate S/MIME certificates + +OPENSSL=../../apps/openssl +OPENSSL_CONF=./ca.cnf +export OPENSSL_CONF + +# Root CA: create certificate directly +CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -nodes \ + -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 3650 + +# EE RSA certificates: create request first +CN="Test S/MIME EE RSA #1" $OPENSSL req -config ca.cnf -nodes \ + -keyout smrsa1.pem -out req.pem -newkey rsa:2048 +# Sign request: end entity extensions +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa1.pem + +CN="Test S/MIME EE RSA #2" $OPENSSL req -config ca.cnf -nodes \ + -keyout smrsa2.pem -out req.pem -newkey rsa:2048 +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa2.pem + +CN="Test S/MIME EE RSA #3" $OPENSSL req -config ca.cnf -nodes \ + -keyout smrsa3.pem -out req.pem -newkey rsa:2048 +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa3.pem + +# Create DSA parameters + +$OPENSSL dsaparam -out dsap.pem 2048 + +CN="Test S/MIME EE DSA #1" $OPENSSL req -config ca.cnf -nodes \ + -keyout smdsa1.pem -out req.pem -newkey dsa:dsap.pem +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa1.pem +CN="Test S/MIME EE DSA #2" $OPENSSL req -config ca.cnf -nodes \ + -keyout smdsa2.pem -out req.pem -newkey dsa:dsap.pem +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa2.pem +CN="Test S/MIME EE DSA #3" $OPENSSL req -config ca.cnf -nodes \ + -keyout smdsa3.pem -out req.pem -newkey dsa:dsap.pem +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa3.pem + +# Create EC parameters + +$OPENSSL ecparam -out ecp.pem -name P-256 +$OPENSSL ecparam -out ecp2.pem -name K-283 + +CN="Test S/MIME EE EC #1" $OPENSSL req -config ca.cnf -nodes \ + -keyout smec1.pem -out req.pem -newkey ec:ecp.pem +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec1.pem +CN="Test S/MIME EE EC #2" $OPENSSL req -config ca.cnf -nodes \ + -keyout smec2.pem -out req.pem -newkey ec:ecp2.pem +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec2.pem +# Remove temp files. +rm -f req.pem ecp.pem ecp2.pem dsap.pem smroot.srl |