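#!/bin/sh
#
# Reissues the certificate hierarchy in the current directory: a self-signed
# root CA, three intermediate CAs, an OCSP responder certificate and five
# server certificates. The existing private keys (<name>-key.pem) are reused;
# only the CSRs and certificates are regenerated.
#
# Usage: <this script> <openssl-cnf>
#   $1 - OpenSSL config file that provides the v3_ca, v3_ocsp, v3_req1,
#        v3_req2 and v3_req3 extension sections used below.
#
# NOTE(review): serial numbers and the 1000-day lifetime are hard-coded and
# several entries are labelled REVOKED, so this looks like a test-fixture
# PKI -- confirm these keys and certificates are never trusted outside tests.

# Stop at the first failing command. Without this, a failed openssl call would
# still be followed by the rm/mv steps and leave an empty or stale certificate
# in place of the previous one.
set -eu

# Issue one certificate signed by an existing CA.
#   $1 cert       - file prefix; reads $1-key.pem, writes $1-cert.pem
#   $2 name       - subject common name (CN)
#   $3 ca         - issuer file prefix; reads $3-cert.pem and $3-key.pem
#   $4 extensions - extension section name inside the config file
#   $5 serial     - certificate serial number
#   $6 extfile    - OpenSSL config file holding the extension sections
update_cert() {
    if [ "$#" -ne 6 ]; then
        printf '%s\n' "update_cert: expected 6 arguments, got $#" >&2
        return 1
    fi

    # New CSR from the existing private key.
    openssl req \
        -new \
        -key "$1-key.pem" \
        -out "$1-cert.csr" \
        -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=$2/emailAddress=info@wolfssl.com"

    # Sign the CSR with the issuing CA's key.
    openssl x509 \
        -req -in "$1-cert.csr" \
        -extfile "$6" \
        -extensions "$4" \
        -days 1000 \
        -CA "$3-cert.pem" \
        -CAkey "$3-key.pem" \
        -set_serial "$5" \
        -out "$1-cert.pem" \
        -sha256

    rm "$1-cert.csr"

    # Rewrite the certificate file with the human-readable dump in front of
    # the PEM block; the temporary file avoids reading and truncating the
    # same path in one command.
    openssl x509 -in "$1-cert.pem" -text > "$1_tmp.pem"
    mv "$1_tmp.pem" "$1-cert.pem"

    # Append the issuer's certificate file so the output carries its chain.
    # An intermediate's file already ends with the root, so leaf files end up
    # with leaf + intermediate + root.
    cat "$3-cert.pem" >> "$1-cert.pem"
}

# An empty or missing $1 would otherwise make `-extfile` swallow the next
# option as its file name.
if [ "$#" -lt 1 ] || [ ! -r "$1" ]; then
    printf '%s\n' "Usage: $0 <openssl-cnf>" >&2
    exit 2
fi
cnf=$1

printf '%s\n' "Using CNF: $cnf"

# Root CA: self-signed with its own key (-signkey), serial 99.
openssl req \
    -new \
    -key root-ca-key.pem \
    -out root-ca-cert.csr \
    -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com"

openssl x509 \
    -req -in root-ca-cert.csr \
    -extfile "$cnf" \
    -extensions v3_ca \
    -days 1000 \
    -signkey root-ca-key.pem \
    -set_serial 99 \
    -out root-ca-cert.pem \
    -sha256

rm root-ca-cert.csr
openssl x509 -in root-ca-cert.pem -text > tmp.pem
mv tmp.pem root-ca-cert.pem

# The REVOKED markers below are labels only: nothing in this script revokes a
# certificate. Presumably the revocation status is recorded elsewhere (for
# example in the OCSP responder's index) -- verify it still matches these
# serial numbers after regenerating.
update_cert intermediate1-ca "wolfSSL intermediate CA 1"       root-ca v3_ca 01 "$cnf"
update_cert intermediate2-ca "wolfSSL intermediate CA 2"       root-ca v3_ca 02 "$cnf"
update_cert intermediate3-ca "wolfSSL REVOKED intermediate CA" root-ca v3_ca 03 "$cnf" # REVOKED

update_cert ocsp-responder "wolfSSL OCSP Responder" root-ca v3_ocsp 04 "$cnf"

update_cert server1 "www1.wolfssl.com" intermediate1-ca v3_req1 05 "$cnf"
update_cert server2 "www2.wolfssl.com" intermediate1-ca v3_req1 06 "$cnf" # REVOKED
update_cert server3 "www3.wolfssl.com" intermediate2-ca v3_req2 07 "$cnf"
update_cert server4 "www4.wolfssl.com" intermediate2-ca v3_req2 08 "$cnf" # REVOKED
update_cert server5 "www5.wolfssl.com" intermediate3-ca v3_req3 09 "$cnf"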