pub/latls
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
094aadde60003faa92af552e6aec6961138cc856
latls/tests/fixtures/setup_fixtures.sh
Kris Kwiatkowski 094aadde60
All checks were successful
CI / no-std (push) Successful in 26s
Details
CI / clippy (push) Successful in 27s
Details
CI / build (push) Successful in 27s
Details
CI / test (push) Successful in 42s
Details
Initial commit 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-02-21 08:49:41 +00:00

71 lines
3.1 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -e
SUBJ_CA="/C=US/ST=State/L=City/O=TestOrg/CN=TestRootCA"
SUBJ_IM="/C=US/ST=State/L=City/O=TestOrg/CN=TestIntermediateCA"
SUBJ_SRV="/CN=localhost"
SUBJ_CLI="/C=US/ST=State/L=City/O=TestOrg/CN=TestClient"
SUBJ_RSA_CA="/C=US/ST=State/L=City/O=TestOrg/CN=TestRsaRootCA"
EXT_CA="basicConstraints=critical,CA:TRUE\nsubjectKeyIdentifier=hash\nauthorityKeyIdentifier=keyid:always"
EXT_LEAF="basicConstraints=CA:FALSE\nsubjectKeyIdentifier=hash\nauthorityKeyIdentifier=keyid,issuer"
# Root CA
openssl ecparam -name prime256v1 -genkey -noout -out root-ca-key.pem
openssl req -new -x509 -sha256 -key root-ca-key.pem -days 3650 -out root-ca.pem -subj "$SUBJ_CA"
# Intermediate CA
openssl ecparam -name prime256v1 -genkey -noout -out intermediate-ca-key.pem
openssl req -new -sha256 -key intermediate-ca-key.pem -out _im.csr -subj "$SUBJ_IM"
openssl x509 -req -in _im.csr -CA root-ca.pem -CAkey root-ca-key.pem \
-CAcreateserial -out intermediate-ca.pem -days 3650 -sha256 \
-extfile <(printf "$EXT_CA")
rm _im.csr
# Server leaf cert (signed by root CA)
openssl ecparam -name prime256v1 -genkey -noout -out leaf-server-key.pem
openssl req -new -sha256 -key leaf-server-key.pem -out _srv.csr -subj "$SUBJ_SRV"
openssl x509 -req -in _srv.csr -CA root-ca.pem -CAkey root-ca-key.pem \
-CAcreateserial -out leaf-server.pem -days 3650 -sha256 \
-extfile <(printf "$EXT_LEAF")
rm _srv.csr
# Client leaf cert (signed by root CA)
openssl ecparam -name prime256v1 -genkey -noout -out leaf-client-key.pem
openssl req -new -sha256 -key leaf-client-key.pem -out _cli.csr -subj "$SUBJ_CLI"
openssl x509 -req -in _cli.csr -CA root-ca.pem -CAkey root-ca-key.pem \
-CAcreateserial -out leaf-client.pem -days 3650 -sha256 \
-extfile <(printf "$EXT_LEAF")
rm _cli.csr
# Intermediate server cert + chain
openssl ecparam -name prime256v1 -genkey -noout -out intermediate-server-key.pem
openssl req -new -sha256 -key intermediate-server-key.pem -out _imsrv.csr -subj "$SUBJ_SRV"
openssl x509 -req -in _imsrv.csr -CA intermediate-ca.pem -CAkey intermediate-ca-key.pem \
-CAcreateserial -out intermediate-server.pem -days 3650 -sha256 \
-extfile <(printf "$EXT_LEAF")
rm _imsrv.csr
cat intermediate-server.pem intermediate-ca.pem > chain.pem
# RSA root CA
openssl req -x509 -newkey rsa:2048 -keyout rsa-root-ca-key.pem -nodes \
-out rsa-root-ca.pem -sha256 -days 3650 -subj "$SUBJ_RSA_CA" \
-addext "basicConstraints=critical,CA:TRUE" \
-addext "subjectKeyIdentifier=hash"
# RSA server cert
openssl req -newkey rsa:2048 -keyout rsa-leaf-server-key.pem -nodes \
-out _rsasrv.csr -sha256 -subj "$SUBJ_SRV"
openssl x509 -req -CA rsa-root-ca.pem -CAkey rsa-root-ca-key.pem \
-in _rsasrv.csr -out rsa-leaf-server.pem -days 3650 -sha256 -CAcreateserial \
-extfile <(printf "$EXT_LEAF")
rm _rsasrv.csr
# RSA client cert
openssl req -newkey rsa:2048 -keyout rsa-leaf-client-key.pem -nodes \
-out _rsacli.csr -sha256 -subj "$SUBJ_CLI"
openssl x509 -req -CA rsa-root-ca.pem -CAkey rsa-root-ca-key.pem \
-in _rsacli.csr -out rsa-leaf-client.pem -days 3650 -sha256 -CAcreateserial \
-extfile <(printf "$EXT_LEAF")
rm _rsacli.csr
Reference in New Issue View Git Blame Copy Permalink