#!/bin/sh

# Copyright 2013 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# This script generates a set of test (end-entity, intermediate, root)
# certificates that can be used to test fetching of an intermediate via AIA
# (the Authority Information Access certificate extension).
      9 
# try CMD [ARG...]
# Prints the command line to stdout, then runs it. If the command returns a
# non-zero status the whole script stops with exit status 1, so no later
# step runs against the output of a failed one.
try() {
  echo "$@"
  if ! "$@"; then
    exit 1
  fi
}
     14 
     15 try rm -rf out
     16 try mkdir out
     17 
     18 # Create the serial number files.
     19 try /bin/sh -c "echo 01 > out/aia-test-root-serial"
     20 try /bin/sh -c "echo 01 > out/aia-test-intermediate-serial"
     21 
     22 # Create the signers' DB files.
     23 touch out/aia-test-root-index.txt
     24 touch out/aia-test-intermediate-index.txt
     25 
     26 # Generate the keys
     27 try openssl genrsa -out out/aia-test-root.key 2048
     28 try openssl genrsa -out out/aia-test-intermediate.key 2048
     29 try openssl genrsa -out out/aia-test-cert.key 2048
     30 
     31 # Generate the root certificate
     32 CA_COMMON_NAME="AIA Test Root CA" \
     33   CA_DIR=out \
     34   CA_NAME=aia-test-root \
     35   try openssl req \
     36     -new \
     37     -key out/aia-test-root.key \
     38     -out out/aia-test-root.csr \
     39     -config aia-test.cnf
     40 
     41 CA_COMMON_NAME="AIA Test Root CA" \
     42   CA_DIR=out \
     43   CA_NAME=aia-test-root \
     44   try openssl x509 \
     45     -req -days 3650 \
     46     -in out/aia-test-root.csr \
     47     -out out/aia-test-root.pem \
     48     -signkey out/aia-test-root.key \
     49     -extfile aia-test.cnf \
     50     -extensions ca_cert \
     51     -text
     52 
     53 # Generate the intermediate
     54 CA_COMMON_NAME="AIA Test Intermediate CA" \
     55   CA_DIR=out \
     56   CA_NAME=aia-test-root \
     57   try openssl req \
     58     -new \
     59     -key out/aia-test-intermediate.key \
     60     -out out/aia-test-intermediate.csr \
     61     -config aia-test.cnf
     62 
     63 CA_COMMON_NAME="AIA Test Intermediate CA" \
     64   CA_DIR=out \
     65   CA_NAME=aia-test-root \
     66   try openssl ca \
     67     -batch \
     68     -in out/aia-test-intermediate.csr \
     69     -out out/aia-test-intermediate.pem \
     70     -config aia-test.cnf \
     71     -extensions ca_cert
     72 
     73 # Generate the leaf
     74 CA_COMMON_NAME="aia-host.invalid" \
     75 CA_DIR=out \
     76 CA_NAME=aia-test-intermediate \
     77 try openssl req \
     78   -new \
     79   -key out/aia-test-cert.key \
     80   -out out/aia-test-cert.csr \
     81   -config aia-test.cnf
     82 
     83 CA_COMMON_NAME="AIA Test Intermediate CA" \
     84   CA_DIR=out \
     85   CA_NAME=aia-test-intermediate \
     86   AIA_URL=http://aia-test.invalid \
     87   try openssl ca \
     88     -batch \
     89     -in out/aia-test-cert.csr \
     90     -out out/aia-test-cert.pem \
     91     -config aia-test.cnf \
     92     -extensions user_cert
     93 
     94 # Copy to the file names that are actually checked in.
     95 try cp out/aia-test-cert.pem ../certificates/aia-cert.pem
     96 try openssl x509 \
     97   -outform der \
     98   -in out/aia-test-intermediate.pem \
     99   -out ../certificates/aia-intermediate.der
    100 try cp out/aia-test-root.pem ../certificates/aia-root.pem