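#!/bin/bash
#
# Regenerates the Ed25519 certificate set from private keys that already exist
# in the current directory:
#   root-ed25519.pem     self-signed root (signed with root-ed25519-priv.pem)
#   ca-ed25519.pem       CA certificate signed by the root
#   server-ed25519.pem   server certificate signed by the CA, plus the CA cert
#   client-ed25519.pem   self-signed client certificate
# A DER copy (*.der) is written for each certificate, and each PEM file is
# rewritten with the human-readable `-text` dump in front of the PEM body.
#
# Required inputs: root-, ca-, server- and client-ed25519-priv.pem in the
# current directory, and ../renewcerts/wolfssl.cnf.
#
# Review notes:
#  - Every certificate is issued with -days 1000, so the whole set expires
#    1000 days after the run and has to be regenerated before then.
#  - The CA and server certificates are issued with a fixed -set_serial 01.
#    A re-run therefore produces a certificate with the same issuer and serial
#    as the one it replaces, which is only acceptable for fixtures.
#    NOTE(review): the subject names suggest these are test certificates;
#    confirm, and do not reuse this pattern for a CA that anything trusts.
#  - The req calls pass an existing key with -key, so no private key is
#    generated or written here; -nodes is kept exactly as in the original.

# Reports the outcome of the previous step and aborts the script on failure.
# Arguments: $1 - exit status of the step, $2 - step name for the message
# Outputs:   a success or failure line on stdout
# Exits:     1 when $1 is anything other than the integer 0
check_result() {
  local status=$1
  local step=$2
  # Fail closed: an empty or non-numeric status makes `[` error out, and that
  # must count as a failure rather than fall through to the success branch.
  if [ "$status" -eq 0 ] 2>/dev/null; then
    echo "Step Succeeded!"
  else
    echo "Failed at \"$step\", Abort"
    exit 1
  fi
}

# Prints one answer per line for the interactive prompts of `openssl req`.
# An empty argument produces an empty line (accept the default); a lone "."
# is passed through unchanged.
# printf is used instead of `echo -e` so the bytes do not depend on how the
# running shell's echo handles -e and backslash escapes.
req_answers() {
  printf '%s\n' "$@"
}

# Writes the DER copy of a certificate and prepends the -text dump to the PEM.
# Arguments: $1 - PEM certificate to process (rewritten in place)
#            $2 - DER output file
finish_cert() {
  local cert=$1
  local der=$2
  openssl x509 -in "$cert" -outform DER > "$der"
  check_result $? "Convert to DER"
  openssl x509 -in "$cert" -text > tmp.pem
  check_result $? "Add text"
  # Only report on failure so the success output matches the original script.
  mv tmp.pem "$cert" || check_result $? "Replace $cert with annotated copy"
}

# A missing key would also make the probe below fail, and the script would
# then claim "OpenSSL does not support Ed25519" and exit 0 without renewing
# anything. Treat that case as an error instead of a silent skip.
if [ ! -r root-ed25519-priv.pem ]; then
  echo "root-ed25519-priv.pem not found or not readable, Abort" >&2
  exit 1
fi

# Probe: an OpenSSL build without Ed25519 cannot parse the key.
if ! openssl pkey -in root-ed25519-priv.pem -noout >/dev/null 2>&1; then
  echo "OpenSSL does not support Ed25519"
  echo "Skipping Ed25519 certificate renewal"
  exit 0
fi

############################################################
###### update the self-signed root-ed25519.pem #############
############################################################
echo "Updating root-ed25519.pem"
echo ""
# pipe the following answers to openssl req...
req_answers US Montana Bozeman wolfSSL_Ed25519 Root-Ed25519 \
    www.wolfssl.com info@wolfssl.com . . '' |
  openssl req -new -key root-ed25519-priv.pem \
    -config ../renewcerts/wolfssl.cnf -nodes -out root-ed25519.csr
check_result $? "Generate request"

# -signkey: the root signs its own request (self-signed trust anchor).
openssl x509 -req -in root-ed25519.csr -days 1000 \
  -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert \
  -signkey root-ed25519-priv.pem -out root-ed25519.pem
check_result $? "Generate certificate"
rm root-ed25519.csr

finish_cert root-ed25519.pem root-ed25519.der
echo "End of section"
echo "---------------------------------------------------------------------"

############################################################
###### update ca-ed25519.pem signed by root ################
############################################################
echo "Updating ca-ed25519.pem"
echo ""
# pipe the following answers to openssl req...
req_answers US Montana Bozeman wolfSSL_ed25519 CA-ed25519 \
    www.wolfssl.com info@wolfssl.com '' '' '' '' |
  openssl req -new -key ca-ed25519-priv.pem \
    -config ../renewcerts/wolfssl.cnf -nodes -out ca-ed25519.csr
check_result $? "Generate request"

# Issued by the root generated above; the serial is fixed (see header notes).
openssl x509 -req -in ca-ed25519.csr -days 1000 \
  -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert \
  -CA root-ed25519.pem -CAkey root-ed25519-priv.pem -set_serial 01 \
  -out ca-ed25519.pem
check_result $? "Generate certificate"
rm ca-ed25519.csr

finish_cert ca-ed25519.pem ca-ed25519.der
echo "End of section"
echo "---------------------------------------------------------------------"

############################################################
###### update server-ed25519.pem signed by ca ##############
############################################################
echo "Updating server-ed25519.pem"
echo ""
# pipe the following answers to openssl req...
req_answers US Montana Bozeman wolfSSL_ed25519 Server-ed25519 \
    www.wolfssl.com info@wolfssl.com '' '' '' '' |
  openssl req -new -key server-ed25519-priv.pem \
    -config ../renewcerts/wolfssl.cnf -nodes -out server-ed25519.csr
check_result $? "Generate request"

# Issued by the CA generated above; the serial is fixed (see header notes).
openssl x509 -req -in server-ed25519.csr -days 1000 \
  -extfile ../renewcerts/wolfssl.cnf -extensions server_ecc \
  -CA ca-ed25519.pem -CAkey ca-ed25519-priv.pem -set_serial 01 \
  -out server-ed25519-cert.pem
check_result $? "Generate certificate"
rm server-ed25519.csr

finish_cert server-ed25519-cert.pem server-ed25519.der
# server-ed25519.pem carries the leaf followed by its issuing CA certificate.
cat server-ed25519-cert.pem ca-ed25519.pem > server-ed25519.pem
check_result $? "Add CA into server cert"
echo "End of section"
echo "---------------------------------------------------------------------"

############################################################
###### update the self-signed client-ed25519.pem ###########
############################################################
echo "Updating client-ed25519.pem"
echo ""
# pipe the following answers to openssl req...
req_answers US Montana Bozeman wolfSSL_ed25519 Client-ed25519 \
    www.wolfssl.com info@wolfssl.com '' '' '' '' |
  openssl req -new -key client-ed25519-priv.pem \
    -config ../renewcerts/wolfssl.cnf -nodes -out client-ed25519.csr
check_result $? "Generate request"

# -signkey: the client certificate is self-signed, not issued by the CA above.
openssl x509 -req -in client-ed25519.csr -days 1000 \
  -extfile ../renewcerts/wolfssl.cnf -extensions wolfssl_opts \
  -signkey client-ed25519-priv.pem -out client-ed25519.pem
check_result $? "Generate certificate"
rm client-ed25519.csr

finish_cert client-ed25519.pem client-ed25519.der
echo "End of section"
echo "---------------------------------------------------------------------"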