
Ticket #6982: setup-ca.sh

File setup-ca.sh, 1.4 KB (added by dirkx@…, 4 years ago)

Script to set up a root CA, a server certificate and a client test certificate

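#!/bin/sh
#
# Build a throwaway test PKI in the current directory: a self-signed root
# CA, a server certificate for 'localhost' and a client certificate for
# the test user 'Fred', plus a PKCS#12 bundle for browser import.
#
# Everything produced here is for testing only: the private keys are
# written unencrypted (-nodes) and the PKCS#12 password is fixed and
# visible on the command line. Do not reuse these files outside a test rig.
#
# Note - we force the serial numbers to be different
# each time - as to ensure that the browser accepts
# them again and again (it refuses an identical serial
# with a different key). The serial is derived from the
# PID of this shell, so it is distinct per run in practice
# but neither random nor guaranteed unique.

# Stop at the first failing openssl call instead of carrying on with
# missing inputs and still reporting success at the end.
set -eu

# The keys are stored without a passphrase, so keep every file this
# script writes readable by the owner only. Relax the mode of the
# certificate files afterwards if another account has to read them.
umask 077

# Create a 'root' CA (self-signed, valid for 10 days).
openssl req -new -nodes -batch -x509 -text \
    -days 10 -subj '/CN=Da Root/O=Trac testing/L=Here/C=XX' \
    -set_serial "10$$" \
    -keyout root.key -out root.pem

# Create a certificate request for the server.
#
# No -days here: openssl req only honours it together with -x509; the
# lifetime is set when the request is signed below.
#
# NOTE(review): the request carries only a CN. Current browsers match the
# host name against subjectAltName, so a SAN extension may be needed for
# them to accept the server certificate.
openssl req -new -nodes -batch \
    -subj "/CN=localhost/O=Keepers of Servers/L=Here/C=XX" \
    -keyout server.key -out server.req

# And get it signed by our root authority, valid for 9 days so that it
# does not outlive the root CA.
openssl x509 -text -req -days 9 \
    -CA root.pem -CAkey root.key \
    -set_serial "20$$" -in server.req -out server.pem

# Create a certificate request for 'Fred' the test user. Ensure it
# has a C, O and L - as otherwise firefox may refuse to import it.
openssl req -new -nodes -batch \
    -subj "/CN=Fred the Test User/O=The Test Dept/L=Here/C=XX" \
    -keyout fred.key -out fred.req

# And get it signed by our root authority, again for 9 days.
openssl x509 -text -req -days 9 \
    -CA root.pem -CAkey root.key \
    -set_serial "30$$" -in fred.req -out fred.pem

# And create a p12 for easy browser import. Note that
# it must have a password (macosx/windows will otherwise
# give an obscure error). The password is a fixed test value
# and shows up in the process list while openssl runs.
openssl pkcs12 -in fred.pem -inkey fred.key \
    -CAfile root.pem -export -password pass:1234 -out fred.p12

exit 0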