From 5ad770f4ddb9e8fcf37540105a8e30b1d9be47ef Mon Sep 17 00:00:00 2001
From: Tau
Date: Thu, 8 Nov 2018 17:10:04 -0500
Subject: [PATCH] Add initpki
---
.gitignore | 1 +
initpki | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 86 insertions(+)
create mode 100644 .gitignore
create mode 100755 initpki
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..993b775
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+pki/
diff --git a/initpki b/initpki
new file mode 100755
index 0000000..08e2e09
--- /dev/null
+++ b/initpki
@@ -0,0 +1,85 @@
+#!/bin/sh
+
+set -e
+
+D=`dirname $0`
+DAYS=36524
+
+pushd "$D"
+mkdir -p pki
+
+# Generate CA
+
+openssl genpkey \
+ -algorithm RSA \
+ -out pki/ca.key \
+ -pkeyopt rsa_keygen_bits:2048 \
+
+openssl req \
+ -new \
+ -key pki/ca.key \
+ -extensions v3_ca \
+ -batch \
+ -out /tmp/ca.csr \
+ -utf8 \
+ -subj "/CN=DummyCA/O=DummyPKI" \
+
+openssl req \
+ -x509 \
+ -sha256 \
+ -key pki/ca.key \
+ -in /tmp/ca.csr \
+ -out pki/ca.pem \
+ -days $DAYS \
+
+# Convert PEM cert to DER form for emulated keychip.
+# DER must fit in 1024 bytes so it must be small.
+
+openssl x509 \
+ -in pki/ca.pem \
+ -out pki/ca.crt \
+ -outform der \
+
+# Generate server key
+
+openssl genpkey \
+ -algorithm RSA \
+ -out pki/server.key \
+ -pkeyopt rsa_keygen_bits:2048 \
+
+openssl req \
+ -new \
+ -key pki/server.key \
+ -extensions v3_ca \
+ -batch \
+ -out /tmp/server.csr \
+ -utf8 \
+ -subj "/CN=ib.naominet.jp" \
+
+openssl x509 \
+ -req \
+ -sha256 \
+ -days $DAYS \
+ -in /tmp/server.csr \
+ -CAkey pki/ca.key \
+ -CA pki/ca.pem \
+ -set_serial 0 \
+ -out pki/server.pem \
+
+# Generate billing key pair
+
+openssl genpkey \
+ -algorithm RSA \
+ -out pki/billing.key \
+ -pkeyopt rsa_keygen_bits:1024 \
+
+openssl rsa \
+ -pubout \
+ -outform der \
+ -in pki/billing.key \
+ -out pki/billing.pub \
+
+# Clean up
+
+rm -f /tmp/ca.csr
+rm -f /tmp/server.csr
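Review bot: Both CSRs in `initpki` go to fixed names in the shared `/tmp` (`/tmp/ca.csr`, `/tmp/server.csr`), so another local account can pre-create or replace them before the signing steps read them back, and the `rm -f` cleanup at the end is skipped whenever `set -e` aborts earlier. A private `mktemp -d` directory removed by an EXIT trap closes both gaps, and `umask 077` at the top is a cheap safeguard for the files under `pki/`. Separately, `pushd` is not a POSIX `sh` builtin, so with `#!/bin/sh` the script stops at that line on systems whose `sh` is dash; a plain `cd "$D"` is enough here, and `$0` should be quoted in the `dirname` call. The 1024-bit billing key is presumably dictated by the emulated hardware, and a comment saying so would keep the size from being reused elsewhere.

```shell
umask 077
D=$(dirname -- "$0")
cd "$D"
mkdir -p pki

TMP=$(mktemp -d)
trap 'rm -rf -- "$TMP"' EXIT

# … unchanged: openssl commands, with /tmp/ca.csr and /tmp/server.csr
#   replaced by "$TMP/ca.csr" and "$TMP/server.csr" …
# … the two trailing rm -f lines are then no longer needed …
```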