author | José Bollo <jose.bollo@iot.bzh> | 2016-06-24 11:48:27 +0200 |
---|---|---|
committer | José Bollo <jose.bollo@iot.bzh> | 2016-06-24 11:48:27 +0200 |
commit | f876c7e7be694606da4515559d4fb6a7b5766651 (patch) | |
tree | ce2732419adef2112568a734dbcdcafb2a54fa6f /certs/gen-certs.sh | |
parent | 8753c48ed498805cec5fbc6096cd6fae3afa0da9 (diff) |
cleanup
Change-Id: I8041d3ffa0c8f403935874a8162f0dbc9c356e7a
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'certs/gen-certs.sh')
-rwxr-xr-x | certs/gen-certs.sh | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/certs/gen-certs.sh b/certs/gen-certs.sh
new file mode 100755
index 0000000..b432ce6
--- /dev/null
+++ b/certs/gen-certs.sh
@@ -0,0 +1,79 @@
+#!/bin/sh
+#
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved. This file is offered as-is,
+# without any warranty.
+
+ORG="/C=FR/ST=Brittany/L=Vannes/O=IoT.bzh"
+
+cat > extensions << EOC
+[root]
+basicConstraints=CA:TRUE
+keyUsage=keyCertSign
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
+[derivate]
+basicConstraints=CA:TRUE
+keyUsage=keyCertSign,digitalSignature
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
+EOC
+
+keyof() { echo -n "$1.key.pem"; }
+certof() { echo -n "$1.cert.pem"; }
+
+generate() {
+
+local s="$1" n="$2" cn="$3" sig="$4"
+local key="$(keyof "$n")" cert="$(certof "$n")"
+
+if [ ! -f "$key" ]
+then
+ echo
+ echo "generation of the $n key"
+ openssl genpkey \
+ -algorithm RSA -pkeyopt rsa_keygen_bits:4096 \
+ -outform PEM \
+ -out "$key"
+fi
+
+if [ ! -f "$cert" -o "$key" -nt "$cert" ]
+then
+ echo
+ echo "generation of the $n certificate"
+ openssl req -new \
+ -key "$key" \
+ -subj "$ORG/CN=$cn" |
+ openssl x509 -req \
+ -days 3653 \
+ -sha256 \
+ -extfile extensions \
+ -trustout \
+ $sig \
+ -set_serial $s \
+ -setalias "$cn" \
+ -out "$cert"
+fi
+
+}
+
+
+genroot() {
+ local s="$1" n="$2" cn="$3"
+ generate "$s" "$n" "$cn" "-signkey $(keyof "$n") -extensions root"
+}
+
+derivate() {
+ local s="$1" n="$2" cn="$3" i="$4"
+ generate "$s" "$n" "$cn" "-CA $(certof "$i") -CAkey $(keyof "$i") -extensions derivate"
+}
+
+
+genroot 1 root "Root certificate"
+derivate 2 developer "Root developer" root
+derivate 3 platform "Root platform" root
+derivate 4 partner "Root partner" root
+derivate 5 public "Root public" root
+
+rm extensions |
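Review bot: The CA private keys that `openssl genpkey` writes in generate() land unencrypted in the current directory, and nothing in the script restricts their file mode; depending on the OpenSSL version the mode may simply follow the caller's umask. Adding `umask 077` before the first call to generate() would keep every `*.key.pem` owner-only regardless. The script also has no `set -e`, so a failed openssl step does not stop the run, which goes on to the remaining derivate calls and `rm extensions`; a `set -e` after the licence header would stop at the first failure. Separately, neither `basicConstraints=CA:TRUE` line in the heredoc is marked critical, which RFC 5280 requires for CA certificates (`basicConstraints=critical,CA:TRUE`). If the derived certificates are not meant to issue further CAs, `pathlen:0` in the `[derivate]` section would state that.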