1
0
mirror of https://github.com/henrydcase/optee_eng.git synced 2024-11-25 16:41:39 +00:00
optee_eng/cfg/create_certs.sh

84 lines
2.0 KiB
Bash
Raw Normal View History

2021-01-07 23:57:00 +00:00
#!/bin/sh
# Re-creates certificates for server and client VPN
OPENSSL_BIN=openssl
OPENSSL_REHASH_BIN=c_rehash
TMP_DIR=certs
set -x
create_openvpn_pki()
{
# Create CA key and certificate
${OPENSSL_BIN} ecparam \
-name secp256r1 \
-genkey \
-out ${TMP_DIR}/ca.key || exit;
${OPENSSL_BIN} req \
-new \
-config openssl.cnf \
-x509 \
-extensions v3_ca \
-key ${TMP_DIR}/ca.key \
-out ${TMP_DIR}/ca.cert \
-days 9999 \
-subj "/O=Among Bytes, vpn.testlab.com/CN=Root Cert G1" \
-batch || exit;
# Create server certificate
${OPENSSL_BIN} ecparam \
-name secp256r1 \
-genkey \
-out ${TMP_DIR}/server.key || exit;
${OPENSSL_BIN} req \
-new \
-config openssl.cnf \
-key ${TMP_DIR}/server.key \
-out ${TMP_DIR}/server.csr \
-subj "/O=Cert Testing ORG/CN=vpn.testlab.com" \
-batch || exit;
${OPENSSL_BIN} x509 \
-extfile openssl.cnf \
-extensions server_cert \
-req \
-CA ${TMP_DIR}/ca.cert \
-CAkey ${TMP_DIR}/ca.key \
-CAcreateserial \
-in ${TMP_DIR}/server.csr \
-out ${TMP_DIR}/server.cert \
-days 9999 || exit;
OPENSSL=${OPENSSL_BIN} ${OPENSSL_REHASH_BIN} ${TMP_DIR}
${OPENSSL_BIN} verify \
-CApath ${TMP_DIR} \
${TMP_DIR}/server.cert || exit;
# Create client certificate
${OPENSSL_BIN} ecparam \
-name secp256r1 \
-genkey \
-out ${TMP_DIR}/client.key || exit;
${OPENSSL_BIN} req \
-new \
-config openssl.cnf \
-key ${TMP_DIR}/client.key \
-out ${TMP_DIR}/client.csr \
-subj "/O=Cert Testing ORG/CN=Client Cert" \
-batch || exit;
${OPENSSL_BIN} x509 \
-extfile openssl.cnf \
-extensions client_cert \
-req \
-CA ${TMP_DIR}/ca.cert \
-CAkey ${TMP_DIR}/ca.key \
-CAcreateserial \
-in ${TMP_DIR}/client.csr \
-out ${TMP_DIR}/client.cert \
-days 9999 || exit;
${OPENSSL_BIN} verify \
-CApath ${TMP_DIR}/ \
${TMP_DIR}/client.cert || exit;
}
rm -rf ${TMP_DIR}
mkdir -p ${TMP_DIR}
create_openvpn_pki