1$! TESTSS.COM 2$ 3$ __arch = "VAX" 4$ if f$getsyi("cpu") .ge. 128 then - 5 __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") 6$ if __arch .eqs. "" then __arch = "UNK" 7$! 8$ if (p1 .eqs. "64") then __arch = __arch+ "_64" 9$! 10$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" 11$ 12$ digest="-md5" 13$ reqcmd = "mcr ''exe_dir'openssl req" 14$ x509cmd = "mcr ''exe_dir'openssl x509 ''digest'" 15$ verifycmd = "mcr ''exe_dir'openssl verify" 16$ dummycnf = "sys$disk:[-.apps]openssl-vms.cnf" 17$ 18$ CAkey="""keyCA.ss""" 19$ CAcert="""certCA.ss""" 20$ CAreq="""reqCA.ss""" 21$ CAconf="""CAss.cnf""" 22$ CAreq2="""req2CA.ss""" ! temp 23$ 24$ Uconf="""Uss.cnf""" 25$ Ukey="""keyU.ss""" 26$ Ureq="""reqU.ss""" 27$ Ucert="""certU.ss""" 28$ 29$ write sys$output "" 30$ write sys$output "make a certificate request using 'req'" 31$ 32$ set noon 33$ define/user sys$output nla0: 34$ mcr 'exe_dir'openssl no-rsa 35$ save_severity=$SEVERITY 36$ set on 37$ if save_severity 38$ then 39$ req_new="-newkey dsa:[-.apps]dsa512.pem" 40$ else 41$ req_new="-new" 42$ endif 43$ 44$ 'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' 'req_new' ! -out err.ss 45$ if $severity .ne. 1 46$ then 47$ write sys$output "error using 'req' to generate a certificate request" 48$ exit 3 49$ endif 50$ write sys$output "" 51$ write sys$output "convert the certificate request into a self signed certificate using 'x509'" 52$ define /user sys$output err.ss 53$ 'x509cmd' "-CAcreateserial" -in 'CAreq' -days 30 -req -out 'CAcert' -signkey 'CAkey' 54$ if $severity .ne. 1 55$ then 56$ write sys$output "error using 'x509' to self sign a certificate request" 57$ exit 3 58$ endif 59$ 60$ write sys$output "" 61$ write sys$output "convert a certificate into a certificate request using 'x509'" 62$ define /user sys$output err.ss 63$ 'x509cmd' -in 'CAcert' -x509toreq -signkey 'CAkey' -out 'CAreq2' 64$ if $severity .ne. 1 65$ then 66$ write sys$output "error using 'x509' convert a certificate to a certificate request" 67$ exit 3 68$ endif 69$ 70$ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq' -noout 71$ if $severity .ne. 1 72$ then 73$ write sys$output "first generated request is invalid" 74$ exit 3 75$ endif 76$ 77$ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq2' -noout 78$ if $severity .ne. 1 79$ then 80$ write sys$output "second generated request is invalid" 81$ exit 3 82$ endif 83$ 84$ 'verifycmd' "-CAfile" 'CAcert' 'CAcert' 85$ if $severity .ne. 1 86$ then 87$ write sys$output "first generated cert is invalid" 88$ exit 3 89$ endif 90$ 91$ write sys$output "" 92$ write sys$output "make another certificate request using 'req'" 93$ define /user sys$output err.ss 94$ 'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' 'req_new' 95$ if $severity .ne. 1 96$ then 97$ write sys$output "error using 'req' to generate a certificate request" 98$ exit 3 99$ endif 100$ 101$ write sys$output "" 102$ write sys$output "sign certificate request with the just created CA via 'x509'" 103$ define /user sys$output err.ss 104$ 'x509cmd' "-CAcreateserial" -in 'Ureq' -days 30 -req -out 'Ucert' "-CA" 'CAcert' "-CAkey" 'CAkey' 105$ if $severity .ne. 1 106$ then 107$ write sys$output "error using 'x509' to sign a certificate request" 108$ exit 3 109$ endif 110$ 111$ 'verifycmd' "-CAfile" 'CAcert' 'Ucert' 112$ write sys$output "" 113$ write sys$output "Certificate details" 114$ 'x509cmd' -subject -issuer -startdate -enddate -noout -in 'Ucert' 115$ 116$ write sys$output "" 117$ write sys$output "The generated CA certificate is ",CAcert 118$ write sys$output "The generated CA private key is ",CAkey 119$ 120$ write sys$output "The generated user certificate is ",Ucert 121$ write sys$output "The generated user private key is ",Ukey 122$ 123$ if f$search("err.ss;*") .nes. "" then delete err.ss;* 124