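#! /bin/bash
#
# Issue a client certificate signed by a local root CA, then self-test the
# new key pair by signing and verifying a file.
#
# Inputs (current directory):  ${ROOTCA}.crt, ${ROOTCA}.key
# Outputs (current directory): ${CLIENT}.cnf, ${CLIENT}.key, ${CLIENT}.crt
# Exits non-zero as soon as any step fails, so a "Generated:" line is only
# printed for a certificate that was issued, chain-verified and self-tested.
set -euo pipefail

readonly ROOTCA=VixPulseManifestRootCA
readonly CLIENT=VixPulseManifest
readonly CLIENT_FQDN=Vix.Pulse.Manifest

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Fail before creating a new private key if the CA material is missing.
[[ -r "${ROOTCA}.crt" ]] || die "missing CA certificate: ${ROOTCA}.crt"
[[ -r "${ROOTCA}.key" ]] || die "missing CA private key: ${ROOTCA}.key"

# Scratch file for the self-test signature; unpredictable name instead of a
# fixed file.out in the working directory.
sig_file=$(mktemp) || die "mktemp failed"

# Remove only the intermediates this script creates. The original globs
# (*.pubkey, *.srl, *.csr) would also delete unrelated files in the directory.
cleanup() {
  rm -f -- "${sig_file}" "${CLIENT}.pubkey" "${CLIENT}.csr" "${ROOTCA}.srl"
}
trap cleanup EXIT

# Generate a config file for creating the CSR (certificate signing request).
# ${CLIENT_FQDN} is expanded by the shell; \$ORGNAME and \$FQDN are left for
# OpenSSL's own config-variable expansion.
cat << EOF > "${CLIENT}.cnf"
FQDN = ${CLIENT_FQDN}

# the name of your organization
ORGNAME = Vix Technology

# --- no modifications required below ---
[ req ]
default_bits = 2048
default_md = sha256
prompt = no
encrypt_key = no
distinguished_name = dn
req_extensions = req_ext
x509_extensions = x509_ext

[ x509_ext ]
keyUsage = digitalSignature, keyEncipherment

[ dn ]
C = AU
O = \$ORGNAME
CN = \$FQDN

[ req_ext ]
EOF

echo Gen client certificate request
# encrypt_key = no means the key is stored unencrypted, so create it with
# owner-only permissions. The subshell keeps the umask change local to the key.
# stderr is discarded to hide genrsa's progress output; failure is still caught.
(
  umask 077
  openssl genrsa -out "${CLIENT}.key" 2048 2> /dev/null
) || die "private key generation failed"
openssl req -new -key "${CLIENT}.key" -out "${CLIENT}.csr" -config "${CLIENT}.cnf"

echo Sign with CA
# 'openssl x509 -req' does not apply the x509_extensions setting from the
# [ req ] section, so without -extfile/-extensions the keyUsage declared in
# [ x509_ext ] never reaches the issued certificate.
# NOTE(review): -days 36500 issues a certificate valid for about 100 years and
# nothing in this script provides revocation; confirm this lifetime is intended.
openssl x509 -req -in "${CLIENT}.csr" \
  -CA "${ROOTCA}.crt" -CAkey "${ROOTCA}.key" -CAcreateserial \
  -extfile "${CLIENT}.cnf" -extensions x509_ext \
  -out "${CLIENT}.crt" -days 36500 -sha256

echo Verify key
openssl verify -CAfile "${ROOTCA}.crt" "${CLIENT}.crt"

echo Generate signature
# Self-test: sign the config file with the new private key, then verify the
# signature with the public key extracted from the issued certificate.
# SHA-256 replaces SHA-1 here to match default_md and the certificate digest.
readonly TESTFILE="${CLIENT}.cnf"
openssl dgst -sha256 -sign "${CLIENT}.key" -out "${sig_file}" "${TESTFILE}"

echo "Verify file signature - from certificate"
openssl x509 -in "${CLIENT}.crt" -pubkey -noout > "${CLIENT}.pubkey"
openssl dgst -sha256 -verify "${CLIENT}.pubkey" -signature "${sig_file}" "${TESTFILE}"

printf 'Generated: %s\n' "${CLIENT}.key"
printf 'Generated: %s FQDN: (%s)\n' "${CLIENT}.crt" "${CLIENT_FQDN}"

# Intermediate files (.pubkey, .csr, .srl, signature) are removed by the EXIT trap.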