2010-07-08 22:21:38 -04:00
|
|
|
#!/bin/sh
|
|
|
|
|
set -e
|
|
|
|
|
|
|
|
|
|
if [ -d "generated" ] ; then
|
|
|
|
|
echo >&2 "error: 'generated' directory already exists. Delete it first."
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
mkdir generated
|
|
|
|
|
|
|
|
|
|
# Generate the CA private key and certificate
|
2019-03-21 06:52:05 -04:00
|
|
|
openssl req -batch -subj '/CN=INSECURE Test Certificate Authority' -newkey rsa:4096 -new -x509 -days 999999 -keyout generated/ca.key -nodes -out generated/ca.crt
|
2010-07-08 22:21:38 -04:00
|
|
|
|
|
|
|
|
# Create symlinks for ssl_ca_path
|
2018-11-30 18:25:16 -05:00
|
|
|
openssl generated
|
2010-07-08 22:21:38 -04:00
|
|
|
|
|
|
|
|
# Generate the server private key and self-signed certificate
|
2019-03-21 06:52:05 -04:00
|
|
|
openssl req -batch -subj '/CN=localhost' -newkey rsa:4096 -new -x509 -days 999999 -keyout generated/server.key -nodes -out generated/selfsigned.crt
|
2010-07-08 22:21:38 -04:00
|
|
|
|
|
|
|
|
# Generate certificate signing request with bogus hostname
|
2019-03-21 06:52:05 -04:00
|
|
|
openssl req -batch -subj '/CN=bogo' -new -key generated/server.key -nodes -out generated/bogushost.csr
|
2010-07-08 22:21:38 -04:00
|
|
|
|
|
|
|
|
# Sign the certificate requests
|
2010-10-20 09:48:54 -04:00
|
|
|
openssl x509 -CA generated/ca.crt -CAkey generated/ca.key -set_serial 1 -in generated/selfsigned.crt -out generated/server.crt -clrext -extfile openssl-exts.cnf -extensions cert -days 999999
|
|
|
|
|
openssl x509 -req -CA generated/ca.crt -CAkey generated/ca.key -set_serial 1 -in generated/bogushost.csr -out generated/bogushost.crt -clrext -extfile openssl-exts.cnf -extensions cert -days 999999
|
2010-07-08 22:21:38 -04:00
|
|
|
|
|
|
|
|
# Remove certificate signing requests
|
|
|
|
|
rm -f generated/*.csr
|
|
|
|
|
|
