Rack HTTP server for Unix and fast clients
blob eb259bb65bf892d60d41d19834e57f98450b302e 1329 bytes (raw)
$ git show v4.2.1:t/sslgen.sh	# shows this blob on the CLI

#!/bin/sh
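# Stop at the first failing command.
set -e

# Serialize concurrent runs. mkdir either creates the lock directory or fails,
# so only one process at a time gets past this loop; the others poll once per
# second and report on stderr while they wait.
# NOTE(review): mkdir's stderr is discarded, so the loop cannot tell "lock is
# held" apart from any other mkdir failure (for example an unwritable
# directory); such a failure waits forever instead of reporting an error.
lock="$0.lock"
while ! mkdir "$lock" 2>/dev/null
do
	echo >&2 "PID=$$ waiting for $lock"
	sleep 1
done
pid=$$
# Release the lock on exit, but only when $$ still equals the PID recorded
# above. "$lock" is quoted so the rmdir stays correct when the script path
# contains whitespace or glob characters.
trap 'if test $$ -eq $pid; then rmdir "$lock"; fi' EXIT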

# Print the subject fields for a leaf (server or client) certificate, one per
# line, to be piped into `openssl req` as answers to its interactive prompts.
# NOTE(review): the order matches the prompts of a stock openssl.cnf (country,
# state, locality, organization, unit, common name, e-mail); a customized
# configuration would consume these lines differently.
certinfo() {
	printf '%s\n' \
		US \
		Hell \
		'A Very Special Place' \
		Monkeys \
		Poo-Flingers \
		127.0.0.1 \
		kgio@bogomips.org
}

# Print the certinfo lines followed by two empty lines. It is used when
# creating a signing request (`openssl req -new` without -x509).
# NOTE(review): the two empty answers presumably cover the extra CSR prompts
# (challenge password, optional company name) of a stock openssl.cnf.
certinfo2() {
	certinfo
	printf '\n\n'
}

# Print the subject fields for a CA certificate, one per line, to be piped
# into `openssl req -x509` as answers to its interactive prompts. Both CAs
# created by this script use this same subject.
ca_certinfo () {
	printf '%s\n' \
		US \
		Hell \
		'An Even More Special Place' \
		'Deranged Monkeys' \
		Poo-Hurlers \
		127.6.6.6 \
		unicorn@bogomips.org
}

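# Test fixtures only: every key below is written unencrypted into the current
# directory and must never be reused outside the test suite.
#
# Keys are 2048-bit and signatures use an explicit SHA-256 digest. The former
# 512-bit RSA keys are factorable with modest resources, and TLS stacks built
# on OpenSSL 1.1.0 or later reject RSA keys under 1024 bits at security level 1
# and above, which makes such fixtures unusable there. OpenSSL releases before
# 1.1.0 also defaulted to a weaker digest when none was given.

# CA number one: self-signed, valid for 666 days.
openssl genrsa -out ca.key 2048
ca_certinfo | openssl req -new -x509 -sha256 -days 666 -key ca.key -out ca.crt

# CA number two: same subject fields as the first, but its own key.
openssl genrsa -out bad-ca.key 2048
ca_certinfo | openssl req -new -x509 -sha256 -days 666 -key bad-ca.key -out bad-ca.crt

# Server key and signing request.
openssl genrsa -out server.key 2048
certinfo2 | openssl req -new -sha256 -key server.key -out server.csr

# Server certificate, issued by the first CA with serial number 1.
openssl x509 -req -sha256 -days 666 \
	-in server.csr -CA ca.crt -CAkey ca.key -set_serial 1 -out server.crt
# Next serial number to hand out; mk_client_cert increments it per certificate.
n=2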
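# Create a key and a CA-signed certificate for one test client.
# Globals:   CA     (read)    - file prefix of the issuing CA (CA.crt, CA.key)
#            n      (updated) - serial number used, then incremented
#            CLIENT (written) - set to $1; plain sh has no local variables
# Arguments: $1 - file prefix for the client's .key and .crt
# Outputs:   writes $1.key and $1.crt; the intermediate $1.csr is removed
#
# Expansions are quoted so a prefix containing whitespace or glob characters
# is passed to openssl as a single argument. The key is 2048-bit and signed
# with SHA-256: 512-bit RSA is factorable with modest resources and is
# rejected by OpenSSL 1.1.0 or later at security level 1 and above.
# The key is written unencrypted and is meant for tests only.
mk_client_cert () {
	CLIENT=$1
	openssl genrsa -out "$CLIENT.key" 2048
	certinfo2 | openssl req -new -sha256 -key "$CLIENT.key" -out "$CLIENT.csr"

	openssl x509 -req -sha256 -days 666 \
		-in "$CLIENT.csr" -CA "$CA.crt" -CAkey "$CA.key" -set_serial "$n" \
		-out "$CLIENT.crt"
	rm -f "$CLIENT.csr"
	n=$((n + 1))
}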

# Issue two client certificates from the first CA; mk_client_cert takes the
# issuer's file prefix from $CA.
CA=ca
for client in client1 client2
do
	mk_client_cert "$client"
done

# One more client certificate, this time issued by the bad-ca CA.
CA=bad-ca mk_client_cert bad-client

# Drop the server signing request; server.crt has already been issued from it.
rm -f server.csr

echo OK

git clone https://yhbt.net/unicorn.git