Subversion Repositories DevTools

Rev

Details | Last modification | View Log | RSS feed

Rev Author Line No. Line
6930 dpurdie 1 
#! /bin/bash
2 
 
3 
ROOTCA=VixPulseManifestRootCA
4 
CLIENT=VixPulseManifest
5 
CLIENT_FQDN=Vix.Pulse.Manifest
6 
 
7 
# Generate a config file for creating the csr (cert signing Request)
8 
cat << EOF > ${CLIENT}.cnf
9 
FQDN = ${CLIENT_FQDN}
10 
 
11 
# the name of your organization
12 
ORGNAME = Vix Technology
13 
 
14 
# --- no modifications required below ---
15 
[ req ]
16 
default_bits = 2048
17 
default_md = sha256
18 
prompt = no
19 
encrypt_key = no
20 
 
21 
distinguished_name = dn
22 
req_extensions = req_ext
23 
x509_extensions     = x509_ext
24 
 
25 
[ x509_ext ]
26 
keyUsage            = digitalSignature, keyEncipherment
27 
 
28 
[ dn ]
29 
C = AU
30 
O = \$ORGNAME
31 
CN = \$FQDN
32 
 
33 
[ req_ext ]
34 
 
35 
EOF
36 
 
37 
echo Gen client certificate request
38 
openssl genrsa -out ${CLIENT}.key 2048 2> /dev/null
39 
openssl req -new -key ${CLIENT}.key -out ${CLIENT}.csr -config  ${CLIENT}.cnf
40 
 
41 
echo Sign with CA
42 
openssl x509 -req -in ${CLIENT}.csr -CA ${ROOTCA}.crt -CAkey ${ROOTCA}.key -CAcreateserial -out ${CLIENT}.crt -days 36500 -sha256
43 
 
44 
echo Verify key
45 
openssl verify -CAfile ${ROOTCA}.crt ${CLIENT}.crt
46 
 
47 
echo Generate signature
48 
#set -x
49 
TESTFILE=${CLIENT}.cnf
50 
openssl dgst -sha1 -sign ${CLIENT}.key  -out file.out ${TESTFILE}
51 
 
52 
echo "Verify file signature - from certificate"
53 
openssl x509  -in ${CLIENT}.crt -pubkey -noout >${CLIENT}.pubkey
54 
openssl dgst -sha1 -verify ${CLIENT}.pubkey  -signature file.out ${TESTFILE}
55 
rm -f file.out
56 
 
57 
echo Generated: ${CLIENT}.key
58 
echo Generated: ${CLIENT}.crt  FQDN: \(${CLIENT_FQDN}\)
59 
 
60 
 
61 
# Clean up unneeded files
62 
rm -f *.pubkey
63 
rm -f *.srl
64 
rm -f *.csr
65 
 
66 
 
67