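#! /bin/bash
#
# Generate the secp256r1 (prime256v1) test CA and the server/client
# end-entity certificates (O=Heimdal) used as test fixtures.
#
# Everything is written into the current directory:
#   <name>.key.pem   private key (reused if it already exists)
#   <name>.cert.pem  certificate
#   <name>.pem       bundle of key + certificate for the test harness
#
# The root's private key is also placed in secp256r1TestCA.pem, so that
# bundle must only ever be used as a test fixture, never as a trust store.

set -e
# Each cert is produced by a `req | cert` pipeline; without pipefail the
# pipeline's status is that of the x509 stage alone, so a failed CSR step
# could otherwise be masked.
set -o pipefail

# Validity in days (500 years) so the fixtures never expire under test.
DAYS=182500

# Serial handed to the next end-entity certificate.  Serial numbers must be
# unique per issuer (RFC 5280 4.1.2.2); the root itself takes serial 1, so
# the counter starts at 2 and is bumped after every genee call.
SERIAL=2

#######################################
# Create an EC P-256 private key unless one is already present.
# Arguments: $1 - key basename; writes <basename>.pem
#######################################
key() {
	local key=$1; shift

	if [ ! -f "${key}.pem" ]; then
		openssl genpkey \
		    -paramfile <(openssl ecparam -name prime256v1) \
		    -out "${key}.pem"
	fi
}

#######################################
# Emit a CSR (PEM, on stdout) for a key and subject.
# Arguments: $1 - key basename (reads <basename>.pem)
#            $2 - subject DN, e.g. /C=SE/O=Heimdal/CN=...
# The inline config only exists because `openssl req` insists on a
# distinguished_name section; the actual subject comes from -subj.
#######################################
req() {
	local key=$1; shift
	local dn=$1; shift

	openssl req -new -sha256 -key "${key}.pem" \
	    -config <(printf "[req]\n%s\n%s\n[dn]\nCN_default=foo\n" \
		"prompt = yes" "distinguished_name = dn") \
	    -subj "${dn}"
}

#######################################
# Sign the CSR read from stdin into <cert>.pem.
# Arguments: $1 - certificate basename (writes <basename>.pem)
#            $2 - x509v3 extension lines (one per line)
#            remaining args are passed straight to `openssl x509`
#            (signing key/CA, serial, validity, ...)
#######################################
cert() {
	local cert=$1; shift
	local exts=$1; shift

	openssl x509 -req -sha256 -out "${cert}.pem" \
	    -extfile <(printf "%s\n" "$exts") "$@"
}

#######################################
# Generate a self-signed root CA (serial 1).
# Arguments: $1 - subject DN
#            $2 - key basename
#            $3 - certificate basename
#######################################
genroot() {
	local dn=$1; shift
	local key=$1; shift
	local cert=$1; shift
	local exts

	exts=$(printf "%s\n%s\n%s\n%s\n" \
	    "subjectKeyIdentifier = hash" \
	    "authorityKeyIdentifier = keyid" \
	    "basicConstraints = CA:true" \
	    "keyUsage = keyCertSign, cRLSign" )
	key "$key"; req "$key" "$dn" |
	    cert "$cert" "$exts" -signkey "${key}.pem" \
		-set_serial 1 -days "${DAYS}"
}

#######################################
# Generate an end-entity certificate signed by the CA, using the next
# free serial number from SERIAL.
# Arguments: $1 - subject DN
#            $2 - key basename
#            $3 - certificate basename
#            $4 - CA key basename
#            $5 - CA certificate basename
#            remaining args are passed on to `openssl x509`
# Globals:   DAYS (read), SERIAL (read and incremented)
#######################################
genee() {
	local dn=$1; shift
	local key=$1; shift
	local cert=$1; shift
	local cakey=$1; shift
	local cacert=$1; shift
	local exts

	exts=$(printf "%s\n%s\n%s\n%s\n" \
	    "subjectKeyIdentifier = hash" \
	    "authorityKeyIdentifier = keyid, issuer" \
	    "basicConstraints = CA:false" \
	    "keyUsage = digitalSignature, keyEncipherment, dataEncipherment" \
	)
	key "$key"; req "$key" "$dn" |
	    cert "$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \
		-set_serial "${SERIAL}" -days "${DAYS}" "$@"
	# Only reached when the pipeline succeeded (set -e + pipefail), so a
	# failed signing never burns a serial.
	SERIAL=$((SERIAL + 1))
}


genroot "/C=SE/O=Heimdal/CN=CA secp256r1" \
    secp256r1TestCA.key secp256r1TestCA.cert
genee "/C=SE/O=Heimdal/CN=Server" \
    secp256r2TestServer.key secp256r2TestServer.cert \
    secp256r1TestCA.key secp256r1TestCA.cert
genee "/C=SE/O=Heimdal/CN=Client" \
    secp256r2TestClient.key secp256r2TestClient.cert \
    secp256r1TestCA.key secp256r1TestCA.cert

# Bundles consumed by the tests.  Note the CA bundle carries the CA's
# private key (key first, then cert); the EE bundles are cert then key.
cat secp256r1TestCA.key.pem secp256r1TestCA.cert.pem > \
    secp256r1TestCA.pem
cat secp256r2TestClient.cert.pem secp256r2TestClient.key.pem > \
    secp256r2TestClient.pem
cat secp256r2TestServer.cert.pem secp256r2TestServer.key.pem > \
    secp256r2TestServer.pem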