1 #!/bin/sh 2 3 # Recreate the demo certificates in the apps directory. 4 5 OPENSSL=openssl 6 7 # Root CA: create certificate directly 8 CN="OpenSSL Test Root CA" $OPENSSL req -config apps.cnf -x509 -nodes \ 9 -keyout root.pem -out root.pem -key rootkey.pem -new -days 3650 10 # Intermediate CA: request first 11 CN="OpenSSL Test Intermediate CA" $OPENSSL req -config apps.cnf -nodes \ 12 -key intkey.pem -out intreq.pem -new 13 # Sign request: CA extensions 14 $OPENSSL x509 -req -in intreq.pem -CA root.pem -CAkey rootkey.pem -days 3630 \ 15 -extfile apps.cnf -extensions v3_ca -CAcreateserial -out intca.pem 16 # Client certificate: request first 17 CN="Test Client Cert" $OPENSSL req -config apps.cnf -nodes \ 18 -key ckey.pem -out creq.pem -new 19 # Sign using intermediate CA 20 $OPENSSL x509 -req -in creq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \ 21 -extfile apps.cnf -extensions usr_cert -CAcreateserial | \ 22 $OPENSSL x509 -nameopt oneline -subject -issuer >client.pem 23 # Server certificate: request first 24 CN="Test Server Cert" $OPENSSL req -config apps.cnf -nodes \ 25 -key skey.pem -out sreq.pem -new 26 # Sign using intermediate CA 27 $OPENSSL x509 -req -in sreq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \ 28 -extfile apps.cnf -extensions usr_cert -CAcreateserial | \ 29 $OPENSSL x509 -nameopt oneline -subject -issuer >server.pem 30 # Server certificate #2: request first 31 CN="Test Server Cert #2" $OPENSSL req -config apps.cnf -nodes \ 32 -key skey2.pem -out sreq2.pem -new 33 # Sign using intermediate CA 34 $OPENSSL x509 -req -in sreq2.pem -CA intca.pem -CAkey intkey.pem -days 3600 \ 35 -extfile apps.cnf -extensions usr_cert -CAcreateserial | \ 36 $OPENSSL x509 -nameopt oneline -subject -issuer >server2.pem 37 38 # Append keys to file. 39 40 cat skey.pem >>server.pem 41 cat skey2.pem >>server2.pem 42 cat ckey.pem >>client.pem 43 44 $OPENSSL verify -CAfile root.pem -untrusted intca.pem \ 45 server2.pem server.pem client.pem 46
Indexes created Sat Feb 28 05:31:39 UTC 2026