WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

updating renewcerts script

pull/1428/head
Jacob Barthelmeh 2018-03-08 15:31:28 -07:00
parent 3b4d1bc796
commit 849e1eb10d
2 changed files with 67 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
certs/renewcerts.sh
View File

@ -8,6 +8,10 @@
# client-ecc-cert.der # client-ecc-cert.der
# ca-cert.pem # ca-cert.pem
# ca-cert.der # ca-cert.der
# ca-ecc-cert.pem
# ca-ecc-cert.der
# ca-ecc384-cert.pem
# ca-ecc384-cert.der
# server-cert.pem # server-cert.pem
# server-cert.der # server-cert.der
# server-ecc-rsa.pem # server-ecc-rsa.pem
@ -17,6 +21,7 @@
# server-ecc-comp.pem # server-ecc-comp.pem
# client-ca.pem # client-ca.pem
# test/digsigku.pem # test/digsigku.pem
# ecc-privOnlyCert.pem
# updates the following crls: # updates the following crls:
# crl/cliCrl.pem # crl/cliCrl.pem
# crl/crl.pem # crl/crl.pem
@ -100,12 +105,38 @@ function run_renewcerts(){
openssl x509 -in ca-cert.pem -text > tmp.pem openssl x509 -in ca-cert.pem -text > tmp.pem
mv tmp.pem ca-cert.pem mv tmp.pem ca-cert.pem
############################################################ ############################################################
########## update the self-signed ca-ecc-cert.pem ##########
############################################################
echo "Updating ca-ecc-cert.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nWashington\nSeattle\nwolfSSL\nDevelopment\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ca-ecc-key.pem -nodes -out ca-ecc-cert.csr
openssl x509 -req -in ca-ecc-cert.csr -days 1000 -extfile wolfssl.cnf -extensions ca_ecc_cert -signkey ca-ecc-key.pem -out ca-ecc-cert.pem
rm ca-ecc-cert.csr
openssl x509 -in ca-ecc-cert.pem -text > tmp.pem
mv tmp.pem ca-ecc-cert.pem
############################################################
########## update the self-signed ca-ecc384-cert.pem #######
############################################################
echo "Updating ca-ecc384-cert.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nWashington\nSeattle\nwolfSSL\nDevelopment\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ca-ecc384-key.pem -nodes -sha384 -out ca-ecc384-cert.csr
openssl x509 -req -in ca-ecc384-cert.csr -days 1000 -extfile wolfssl.cnf -extensions ca_ecc_cert -signkey ca-ecc384-key.pem -sha384 -out ca-ecc384-cert.pem
rm ca-ecc384-cert.csr
openssl x509 -in ca-ecc384-cert.pem -text > tmp.pem
mv tmp.pem ca-ecc384-cert.pem
############################################################
##### update the self-signed (1024-bit) ca-cert.pem ######## ##### update the self-signed (1024-bit) ca-cert.pem ########
############################################################ ############################################################
echo "Updating 1024-bit ca-cert.pem" echo "Updating 1024-bit ca-cert.pem"
echo "" echo ""
#pipe the following arguments to openssl req... #pipe the following arguments to openssl req...
echo -e "US\nMontana\nBozeman\nSawtooth\nConsulting_1024\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key \1024/ca-key.pem -nodes -out \1024/ca-cert.csr echo -e "US\nMontana\nBozeman\nSawtooth\nConsulting_1024\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key \1024/ca-key.pem -nodes -sha1 -out \1024/ca-cert.csr
openssl x509 -req -in \1024/ca-cert.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey \1024/ca-key.pem -out \1024/ca-cert.pem openssl x509 -req -in \1024/ca-cert.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey \1024/ca-key.pem -out \1024/ca-cert.pem
rm \1024/ca-cert.csr rm \1024/ca-cert.csr
@ -169,7 +200,7 @@ function run_renewcerts(){
echo "Updating 1024-bit server-cert.pem" echo "Updating 1024-bit server-cert.pem"
echo "" echo ""
#pipe the following arguments to openssl req... #pipe the following arguments to openssl req...
echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport_1024\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key \1024/server-key.pem -nodes > \1024/server-req.pem echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport_1024\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key \1024/server-key.pem -nodes -sha1 > \1024/server-req.pem
openssl x509 -req -in \1024/server-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA \1024/ca-cert.pem -CAkey \1024/ca-key.pem -set_serial 01 > \1024/server-cert.pem openssl x509 -req -in \1024/server-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA \1024/ca-cert.pem -CAkey \1024/ca-key.pem -set_serial 01 > \1024/server-cert.pem
@ -244,6 +275,18 @@ function run_renewcerts(){
echo "" echo ""
cat client-cert.pem client-ecc-cert.pem > client-ca.pem cat client-cert.pem client-ecc-cert.pem > client-ca.pem
############################################################
###### update the self-signed ecc-privOnlyCert.pem #########
############################################################
echo "Updating ecc-privOnlyCert.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e ".\n.\n.\nWR\n.\nDE\n.\n.\n.\n" | openssl req -new -key ecc-privOnlyKey.pem -nodes -out ecc-privOnly.csr
openssl x509 -req -in ecc-privOnly.csr -days 1000 -signkey ecc-privOnlyKey.pem -out ecc-privOnlyCert.pem
rm ecc-privOnly.csr
############################################################ ############################################################
###### update the self-signed test/digsigku.pem ########## ###### update the self-signed test/digsigku.pem ##########
############################################################ ############################################################
@ -263,10 +306,15 @@ function run_renewcerts(){
############################################################ ############################################################
########## make .der files from .pem files ################# ########## make .der files from .pem files #################
############################################################ ############################################################
openssl x509 -inform PEM -in \1024/client-cert.pem -outform DER -out \1024/client-cert.der
echo "Creating der formatted certs..." echo "Creating der formatted certs..."
echo "" echo ""
openssl x509 -inform PEM -in \1024/client-cert.pem -outform DER -out \1024/client-cert.der
openssl x509 -inform PEM -in \1024/server-cert.pem -outform DER -out \1024/server-cert.der
openssl x509 -inform PEM -in \1024/ca-cert.pem -outform DER -out \1024/ca-cert.der
openssl x509 -inform PEM -in ca-cert.pem -outform DER -out ca-cert.der openssl x509 -inform PEM -in ca-cert.pem -outform DER -out ca-cert.der
openssl x509 -inform PEM -in ca-ecc-cert.pem -outform DER -out ca-ecc-cert.der
openssl x509 -inform PEM -in ca-ecc384-cert.pem -outform DER -out ca-ecc384-cert.der
openssl x509 -inform PEM -in client-cert.pem -outform DER -out client-cert.der openssl x509 -inform PEM -in client-cert.pem -outform DER -out client-cert.der
openssl x509 -inform PEM -in server-cert.pem -outform DER -out server-cert.der openssl x509 -inform PEM -in server-cert.pem -outform DER -out server-cert.der
openssl x509 -inform PEM -in client-ecc-cert.pem -outform DER -out client-ecc-cert.der openssl x509 -inform PEM -in client-ecc-cert.pem -outform DER -out client-ecc-cert.der
@ -281,6 +329,15 @@ function run_renewcerts(){
echo "" echo ""
echo "" | openssl pkcs12 -des3 -descert -export -in server-ecc-rsa.pem -inkey ecc-key.pem -certfile server-ecc.pem -out ecc-rsa-server.p12 -password stdin echo "" | openssl pkcs12 -des3 -descert -export -in server-ecc-rsa.pem -inkey ecc-key.pem -certfile server-ecc.pem -out ecc-rsa-server.p12 -password stdin
############################################################
###### calling gen-ext-certs.sh ##################
############################################################
echo "Calling gen-ext-certs.sh"
echo ""
cd ..
./certs/test/gen-ext-certs.sh
cd ./certs
############################################################ ############################################################
########## store DER files as buffers ###################### ########## store DER files as buffers ######################
############################################################ ############################################################

7
certs/renewcerts/wolfssl.cnf
View File

@ -170,6 +170,13 @@ authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints=critical, CA:TRUE basicConstraints=critical, CA:TRUE
keyUsage=critical, nonRepudiation, keyEncipherment keyUsage=critical, nonRepudiation, keyEncipherment
# ca-ecc-cert extensions
[ ca_ecc_cert ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always
basicConstraints=critical, CA:TRUE
keyUsage=critical, digitalSignature, keyCertSign, cRLSign
#tsa default #tsa default
[ tsa ] [ tsa ]
default_tsa = tsa_config1 default_tsa = tsa_config1