diff options
Diffstat (limited to 'crypto/openssl/apps/CA.pl')
| -rwxr-xr-x | crypto/openssl/apps/CA.pl | 53 |
1 files changed, 34 insertions, 19 deletions
diff --git a/crypto/openssl/apps/CA.pl b/crypto/openssl/apps/CA.pl index a52a004..a3965ec 100755 --- a/crypto/openssl/apps/CA.pl +++ b/crypto/openssl/apps/CA.pl @@ -36,16 +36,26 @@ # default openssl.cnf file has setup as per the following # demoCA ... where everything is stored +my $openssl; +if(defined $ENV{OPENSSL}) { + $openssl = $ENV{OPENSSL}; +} else { + $openssl = "openssl"; + $ENV{OPENSSL} = $openssl; +} + $SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"}; -$DAYS="-days 365"; -$REQ="openssl req $SSLEAY_CONFIG"; -$CA="openssl ca $SSLEAY_CONFIG"; -$VERIFY="openssl verify"; -$X509="openssl x509"; -$PKCS12="openssl pkcs12"; +$DAYS="-days 365"; # 1 year +$CADAYS="-days 1095"; # 3 years +$REQ="$openssl req $SSLEAY_CONFIG"; +$CA="$openssl ca $SSLEAY_CONFIG"; +$VERIFY="$openssl verify"; +$X509="$openssl x509"; +$PKCS12="$openssl pkcs12"; $CATOP="./demoCA"; $CAKEY="cakey.pem"; +$CAREQ="careq.pem"; $CACERT="cacert.pem"; $DIRMODE = 0777; @@ -58,19 +68,19 @@ foreach (@ARGV) { exit 0; } elsif (/^-newcert$/) { # create a certificate - system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS"); + system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS"); $RET=$?; - print "Certificate (and private key) is in newreq.pem\n" + print "Certificate is in newcert.pem, private key is in newkey.pem\n" } elsif (/^-newreq$/) { # create a certificate request - system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS"); + system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS"); $RET=$?; - print "Request (and private key) is in newreq.pem\n"; + print "Request is in newreq.pem, private key is in newkey.pem\n"; } elsif (/^-newreq-nodes$/) { # create a certificate request - system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS"); + system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS"); $RET=$?; - print "Request (and private key) is in newreq.pem\n"; + print "Request is in newreq.pem, private key is in newkey.pem\n"; } elsif (/^-newca$/) { # if explicitly asked for or it doesn't exist then setup the # directory structure that Eric likes to manage things @@ -84,6 +94,9 @@ foreach (@ARGV) { mkdir "${CATOP}/private", $DIRMODE; open OUT, ">${CATOP}/index.txt"; close OUT; + open OUT, ">${CATOP}/crlnumber"; + print OUT "01\n"; + close OUT; } if ( ! -f "${CATOP}/private/$CAKEY" ) { print "CA certificate filename (or enter to create)\n"; @@ -98,22 +111,24 @@ foreach (@ARGV) { $RET=$?; } else { print "Making CA certificate ...\n"; - system ("$REQ -new -x509 -keyout " . - "${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS"); + system ("$REQ -new -keyout " . + "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ"); + system ("$CA -create_serial " . + "-out ${CATOP}/$CACERT $CADAYS -batch " . + "-keyfile ${CATOP}/private/$CAKEY -selfsign " . + "-extensions v3_ca " . + "-infiles ${CATOP}/$CAREQ "); $RET=$?; } } - if (! -f "${CATOP}/serial" ) { - system ("$X509 -in ${CATOP}/$CACERT -noout " - . "-next_serial -out ${CATOP}/serial"); - } } elsif (/^-pkcs12$/) { my $cname = $ARGV[1]; $cname = "My Certificate" unless defined $cname; - system ("$PKCS12 -in newcert.pem -inkey newreq.pem " . + system ("$PKCS12 -in newcert.pem -inkey newkey.pem " . "-certfile ${CATOP}/$CACERT -out newcert.p12 " . "-export -name \"$cname\""); $RET=$?; + print "PKCS #12 file is in newcert.p12\n"; exit $RET; } elsif (/^-xsign$/) { system ("$CA -policy policy_anything -infiles newreq.pem"); |
