1 #!/bin/sh 2 3 # Copyright 2013 The Chromium Authors. All rights reserved. 4 # Use of this source code is governed by a BSD-style license that can be 5 # found in the LICENSE file. 6 7 # This script generates a set of test (end-entity, intermediate, root) 8 # certificates that can be used to test fetching of an intermediate via AIA. 9 10 try() { 11 echo "$@" 12 $@ || exit 1 13 } 14 15 try rm -rf out 16 try mkdir out 17 18 try echo 1 > out/2048-sha1-root-serial 19 touch out/2048-sha1-root-index.txt 20 21 # Generate the key 22 try openssl genrsa -out out/2048-sha1-root.key 2048 23 24 # Generate the root certificate 25 CA_COMMON_NAME="Test Root CA" \ 26 try openssl req \ 27 -new \ 28 -key out/2048-sha1-root.key \ 29 -out out/2048-sha1-root.req \ 30 -config ca.cnf 31 32 CA_COMMON_NAME="Test Root CA" \ 33 try openssl x509 \ 34 -req -days 3650 \ 35 -in out/2048-sha1-root.req \ 36 -out out/2048-sha1-root.pem \ 37 -text \ 38 -signkey out/2048-sha1-root.key \ 39 -extfile ca.cnf \ 40 -extensions ca_cert 41 42 # Generate the leaf certificate requests 43 try openssl req \ 44 -new \ 45 -keyout out/expired_cert.key \ 46 -out out/expired_cert.req \ 47 -config ee.cnf 48 49 try openssl req \ 50 -new \ 51 -keyout out/ok_cert.key \ 52 -out out/ok_cert.req \ 53 -config ee.cnf 54 55 # Generate the leaf certificates 56 CA_COMMON_NAME="Test Root CA" \ 57 try openssl ca \ 58 -batch \ 59 -extensions user_cert \ 60 -startdate 060101000000Z \ 61 -enddate 070101000000Z \ 62 -in out/expired_cert.req \ 63 -out out/expired_cert.pem \ 64 -config ca.cnf 65 66 CA_COMMON_NAME="Test Root CA" \ 67 try openssl ca \ 68 -batch \ 69 -extensions user_cert \ 70 -days 3650 \ 71 -in out/ok_cert.req \ 72 -out out/ok_cert.pem \ 73 -config ca.cnf 74 75 cat out/ok_cert.key out/ok_cert.pem \ 76 > ../certificates/ok_cert.pem 77 cat out/expired_cert.key out/expired_cert.pem \ 78 > ../certificates/expired_cert.pem 79 cat out/2048-sha1-root.key out/2048-sha1-root.pem \ 80 > ../certificates/root_ca_cert.pem 81 82