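#!/bin/sh
#
# Builds an example PKI in the current directory:
#   - a self-signed root CA                      (cert-ca.pem, cert-ca-key.pem)
#   - a server and a client leaf signed by it    (cert-server*.pem, cert-client*.pem)
#   - an intermediate CA signed by the root      (cert-intca.pem)
#   - a leaf signed by the intermediate          (cert-entity-int.pem)
#
# Must be run from the directory that holds gencerts.cnf; all output files
# are written next to it and existing files of the same name are overwritten.
#
# NOTE(review): every private key is written unencrypted and every
# certificate is valid for 10000 days. Together with the "example" subjects
# this looks intended for test fixtures only -- confirm none of these files
# are ever used outside tests.
# NOTE(review): the root CA key (cert-ca-key.pem) is left on disk while the
# intermediate CA key is deleted; anyone who trusts cert-ca.pem can be issued
# certificates by whoever holds that key file.

# Stop at the first failing command (including a failed "openssl verify") and
# treat unset variables as errors, so a broken chain is never left behind
# looking like a successful run.
set -eu

CONFIG=./gencerts.cnf
# Explicit modulus size for every key; without it the size of all but the CA
# key depends on the default of the installed OpenSSL.
KEY_BITS=2048
DAYS=10000

# Refuse to start when the config is missing: otherwise the first genrsa call
# would overwrite an existing CA key before the run fails.
if [ ! -r "$CONFIG" ]; then
    printf 'error: %s not found; run this script from its own directory\n' "$CONFIG" >&2
    exit 1
fi

# Removes the files that are only needed while the chain is being built:
# serial files, CSRs, the intermediate CA key, the intermediate-signed
# entity key and the temporary chain bundle.
cleanup() {
    rm -f cert-ca.srl cert-client.csr cert-server.csr cert-intca.srl \
        cert-intca.csr cert-entity-int.csr cert-entity-int-key.pem \
        cert-intca-key.pem cert-chain.pem
}
# Run the cleanup on every exit path, so a failed run does not leave the
# intermediate CA key lying around.
trap cleanup EXIT

# new_key OUT -- writes a fresh RSA private key to OUT.
# The restrictive umask applies only inside the subshell, so the key file is
# never group/world readable regardless of the caller's umask.
new_key() {
    (umask 077 && openssl genrsa -out "$1" "$KEY_BITS")
}

# to_pkcs8 IN OUT -- re-encodes the private key IN as unencrypted PKCS#8.
to_pkcs8() {
    (umask 077 && openssl pkcs8 -topk8 -nocrypt -in "$1" -out "$2")
}

# make_csr EXT SUBJECT KEY OUT -- writes a signing request for KEY using
# extension section EXT of the config.
make_csr() {
    openssl req -new -extensions "$1" -config "$CONFIG" -subj "$2" \
        -key "$3" -out "$4"
}

# sign_csr EXT CSR CA_CERT CA_KEY OUT -- issues a certificate for CSR signed
# by CA_CERT/CA_KEY with extension section EXT of the config.
sign_csr() {
    openssl x509 -req -extensions "$1" -extfile "$CONFIG" -in "$2" \
        -CA "$3" -CAkey "$4" -CAcreateserial -sha256 -days "$DAYS" -out "$5"
}

# printf instead of "echo -e": the latter prints a literal "-e" under POSIX
# shells such as dash.
printf '%s\n' "*** CA Certificate ***"
new_key cert-ca-key.pem
openssl req -x509 -new -nodes -extensions ca_ext -config "$CONFIG" \
    -subj '/O=International Union of Example Organizations/CN=Certificate issuer guy/emailAddress=ca@mail.example' \
    -key cert-ca-key.pem -sha256 -days "$DAYS" -out cert-ca.pem

printf '\n%s\n' "*** Server Certificate ***"
new_key cert-server-key.pem
to_pkcs8 cert-server-key.pem cert-server-key-pkcs8.pem
make_csr cert_ext \
    '/O=Foo Example Organization/CN=Foo Example Organization/emailAddress=foo@mail.example' \
    cert-server-key.pem cert-server.csr
sign_csr cert_ext cert-server.csr cert-ca.pem cert-ca-key.pem cert-server.pem
openssl verify -CAfile cert-ca.pem cert-server.pem

printf '\n%s\n' "*** Client Certificate ***"
new_key cert-client-key.pem
to_pkcs8 cert-client-key.pem cert-client-key-pkcs8.pem
make_csr cert_ext \
    '/O=Bar Example Organization/CN=Bar Example Organization/emailAddress=bar@mail.example' \
    cert-client-key.pem cert-client.csr
sign_csr cert_ext cert-client.csr cert-ca.pem cert-ca-key.pem cert-client.pem
openssl verify -CAfile cert-ca.pem cert-client.pem

printf '\n%s\n' "*** Intermediate Certificate ***"
new_key cert-intca-key.pem
# The intermediate CA reuses the root's subject string, as in the original
# fixture set.
make_csr int_ext \
    '/O=International Union of Example Organizations/CN=Certificate issuer guy/emailAddress=ca@mail.example' \
    cert-intca-key.pem cert-intca.csr
sign_csr int_ext cert-intca.csr cert-ca.pem cert-ca-key.pem cert-intca.pem
openssl verify -CAfile cert-ca.pem cert-intca.pem
# Temporary bundle (intermediate + root) used only to verify the next leaf.
cat cert-intca.pem cert-ca.pem > cert-chain.pem

printf '\n%s\n' "*** Intermediate-Signed Certificate ***"
new_key cert-entity-int-key.pem
make_csr cert_ext \
    '/O=Baz Example Organization/CN=Baz Example Organization/emailAddress=baz@mail.example' \
    cert-entity-int-key.pem cert-entity-int.csr
sign_csr cert_ext cert-entity-int.csr cert-intca.pem cert-intca-key.pem cert-entity-int.pem
openssl verify -CAfile cert-chain.pem cert-entity-int.pem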