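#!/bin/sh
#
# Generates a test PKI (subjects TestRootCA, TestIntermediateCA,
# TestServerCA) with EC keys: root CA -> intermediate CA -> server.
#
# Run it from the directory that holds ca.cnf; the openssl binary and its
# shared libraries are taken from ../.. relative to that directory.
#
# Every private key is written unencrypted (genpkey is given no cipher
# option), so the generated files are fixtures and must stay test-only.

# Stop at the first failing step so a partial run cannot leave keys and
# certificates that do not belong to the same chain.
set -e

# Runs the in-tree openssl binary against the in-tree libraries.
# Arguments: passed through unchanged; "$@" keeps each argument a single
#            word even if it contains whitespace or glob characters.
# Returns:   the exit status of openssl.
opensslcmd() {
  LD_LIBRARY_PATH=../.. ../../apps/openssl "$@"
}

# report the openssl version
opensslcmd version

echo "Creating private keys and certs..."

#####

# root CA private key (P-521, named-curve encoding)
opensslcmd genpkey \
  -algorithm EC \
  -pkeyopt ec_paramgen_curve:secp521r1 \
  -pkeyopt ec_param_enc:named_curve \
  -out root-key.pem

# root CA certificate (self-signed, valid for 3650 days)
opensslcmd req \
  -config ca.cnf \
  -x509 \
  -days 3650 \
  -key root-key.pem \
  -subj /CN=TestRootCA \
  -out root-cert.pem
#####

# intermediate CA private key (P-384, named-curve encoding)
opensslcmd genpkey \
  -algorithm EC \
  -pkeyopt ec_paramgen_curve:secp384r1 \
  -pkeyopt ec_param_enc:named_curve \
  -out intermediate-key.pem

# intermediate CA certificate-signing-request
opensslcmd req \
  -config ca.cnf \
  -new \
  -key intermediate-key.pem \
  -subj /CN=TestIntermediateCA \
  -out intermediate-csr.pem

# intermediate CA certificate (signed by root CA, valid for 1825 days)
# -copy_extensions copyall carries every extension from the CSR into the
# certificate. That is acceptable here because the CSR was produced a few
# lines above by this script; a CA that signs requests it did not create
# should not copy extensions blindly, since the request then decides what
# the certificate is allowed to do.
opensslcmd req \
  -config ca.cnf \
  -x509 \
  -days 1825 \
  -CA root-cert.pem \
  -CAkey root-key.pem \
  -in intermediate-csr.pem \
  -copy_extensions copyall \
  -out intermediate-cert.pem
#####

# server key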
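# P-256 (prime256v1) key for the server certificate, written unencrypted:
# no cipher option is passed to genpkey.
opensslcmd genpkey \
  -algorithm EC \
  -pkeyopt ec_paramgen_curve:prime256v1 \
  -pkeyopt ec_param_enc:named_curve \
  -out server-key.pem

# server certificate-signing-request; -extensions names the usr_cert
# section of ca.cnf
opensslcmd req \
  -config ca.cnf \
  -extensions usr_cert \
  -new \
  -key server-key.pem \
  -subj /CN=TestServerCA \
  -out server-csr.pem

# server certificate (signed by intermediate CA, valid for 365 days)
# copyall is only reasonable because the CSR was generated by this script.
opensslcmd req \
  -config ca.cnf \
  -extensions usr_cert \
  -x509 \
  -days 365 \
  -CA intermediate-cert.pem \
  -CAkey intermediate-key.pem \
  -in server-csr.pem \
  -copy_extensions copyall \
  -out server-cert.pem
#####

# Start from an empty CA database. ':' with a redirection truncates the
# file on every POSIX shell; 'echo -n' under /bin/sh prints a literal "-n"
# on shells whose echo takes no options, which would leave a bogus line in
# the index that 'openssl ca' then has to parse.
rm -f index.txt index.txt.attr
: > index.txt

# Record the server certificate as valid in index.txt.
# NOTE(review): presumably this is for an OCSP responder that reads the
# index - confirm against the test that consumes these files.
opensslcmd ca \
  -config ca.cnf \
  -valid server-cert.pem \
  -keyfile intermediate-key.pem \
  -cert intermediate-cert.pem
rm -f index.txt.old
#####

# Bundles. Both contain a private key in the clear (server.pem the server
# key, ocsp.pem the intermediate CA key), so treat them like the key files.
cat server-cert.pem server-key.pem intermediate-cert.pem > server.pem
cat intermediate-cert.pem intermediate-key.pem > ocsp.pem

echo "Done."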