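#!/bin/sh
# Generate TLS test-suite certificates signed by the test CA under ca/.
#
# Usage: $0 [-s] [-u <user@domain.com>]
#   -s | -server   issue a server certificate for localhost
#                  (private/localhost.key, certs/localhost.crt)
#   -u | -user     issue a client certificate for the given e-mail address
#                  (private/<email>.key, certs/<email>.crt)
# Both options may be given in one run.
#
# Requires the openssl(1) binary, conf/openssl.cnf (with @HOSTNAME@ and
# @KEY_BITS@ placeholders) and the CA material ca/private/testsuiteCA.key
# and ca/certs/testsuiteCA.crt. Private keys are written unencrypted
# (-nodes) with the caller's umask, and certificates are issued for
# 183000 days: these are test fixtures, not production credentials.
#
# Exit status: 0 on success (or when openssl is absent and generation is
# skipped), 1 on a usage error or a failed openssl step.

openssl=$(command -v openssl)

if [ -z "$openssl" ]; then
	echo "OpenSSL command line binary not found, skipping..."
	# Nothing below can run without openssl; previously the script fell
	# through and tried to execute an empty command.
	exit 0
fi

KEY_BITS=4096
KEY_TYPE=rsa:$KEY_BITS

USAGE="$0 [-s] [-u <user@domain.com>]"
SERVER=0
# Named USER_CERT rather than USER so the login-name environment variable
# inherited by the openssl child processes is not clobbered.
USER_CERT=0
EMAIL=

while [ $# -gt 0 ]; do
	case "$1" in
	-s | -server)
		SERVER=1
		shift
		;;
	-u | -user)
		if [ -z "$2" ]; then
			echo "User cert requires an email address as an argument"
			# Usage error: exit non-zero like the other usage failures.
			exit 1
		fi
		USER_CERT=1
		EMAIL="$2"
		shift; shift
		;;
	-)
		shift
		;;
	-*)
		echo "$USAGE"; exit 1
		;;
	*)
		break
		;;
	esac
done

if [ "$SERVER" = 0 ] && [ "$USER_CERT" = 0 ]; then
	echo "$USAGE"
	exit 1
fi

# EMAIL is used both as a file-name component under certs/ and private/
# and as an X.509 subject field; a '/' would escape those directories and
# break the -subj string, so reject it up front.
case "$EMAIL" in
*/*)
	echo "Email address must not contain '/'"
	exit 1
	;;
esac

rm -rf ./openssl.cnf cruft
mkdir -p private certs cruft/private cruft/certs

# Minimal CA database for 'openssl ca' (paths come from conf/openssl.cnf).
echo "00" > cruft/serial
touch cruft/index.txt
touch cruft/index.txt.attr
hn=$(hostname -f)
# NOTE(review): $hn is spliced into a sed replacement; a hostname
# containing ';', '&' or '\' would corrupt the generated config.
sed -e "s;@HOSTNAME@;$hn;" -e "s;@KEY_BITS@;$KEY_BITS;" conf/openssl.cnf > ./openssl.cnf

#######################################
# Remove the generated config, CSRs and CA scratch state.
# Runs on every exit path via the EXIT trap, so a failed openssl step
# does not leave them behind, and so a combined -s -u run still has
# ./openssl.cnf available for its second certificate (previously the
# server branch deleted it before the user branch ran).
# Globals:   EMAIL (read)
#######################################
cleanup() {
	rm -rf ./openssl.cnf ./localhost.csr cruft
	if [ -n "$EMAIL" ]; then
		rm -f -- "./$EMAIL.csr"
	fi
}
trap cleanup EXIT

if [ "$SERVER" = 1 ]; then
	rm -rf private/localhost.key certs/localhost.crt

	"$openssl" req -new -nodes -out localhost.csr -keyout private/localhost.key \
		-newkey "$KEY_TYPE" -config ./openssl.cnf \
		-subj "/CN=localhost/OU=OpenLDAP Test Suite/O=OpenLDAP Foundation/ST=CA/C=US" \
		-batch >/dev/null 2>&1 || {
		echo "openssl req failed for localhost" >&2
		exit 1
	}

	"$openssl" ca -out certs/localhost.crt -notext -config ./openssl.cnf -days 183000 -in localhost.csr \
		-keyfile ca/private/testsuiteCA.key -extensions v3_req -cert ca/certs/testsuiteCA.crt \
		-batch >/dev/null 2>&1 || {
		echo "openssl ca failed for localhost" >&2
		exit 1
	}
fi

if [ "$USER_CERT" = 1 ]; then
	# '--' and quoting: EMAIL is caller-supplied and may start with '-'
	# or contain spaces.
	rm -f -- "certs/$EMAIL.crt" "private/$EMAIL.key" "$EMAIL.csr"

	"$openssl" req -new -nodes -out "$EMAIL.csr" -keyout "private/$EMAIL.key" \
		-newkey "$KEY_TYPE" -config ./openssl.cnf \
		-subj "/emailAddress=$EMAIL/CN=$EMAIL/OU=OpenLDAP/O=OpenLDAP Foundation/ST=CA/C=US" \
		-batch >/dev/null 2>&1 || {
		echo "openssl req failed for $EMAIL" >&2
		exit 1
	}

	"$openssl" ca -out "certs/$EMAIL.crt" -notext -config ./openssl.cnf -days 183000 -in "$EMAIL.csr" \
		-keyfile ca/private/testsuiteCA.key -extensions req_distinguished_name \
		-cert ca/certs/testsuiteCA.crt -batch >/dev/null 2>&1 || {
		echo "openssl ca failed for $EMAIL" >&2
		exit 1
	}
fi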