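#!/usr/bin/env bash
# Build a throw-away test PKI under ./t/ocsp and exercise it:
#   ca (EC prime256v1, self-signed)
#     -> inter1 (RSA-4096)
#       -> inter2 (Ed448)
#         -> client (EC prime256v1)
# then sign ./file with the client key and verify the signature.
#
# Inputs, read from the current directory:
#   ocsp.cnf  - `openssl ca` configuration (must define the v3_req section
#               used for every issued certificate)
#   file      - data to sign
# Outputs: t/ocsp/*.key, t/ocsp/*.crt, t/ocsp/chain.pem, ./file.sig
#
# Everything under ./t is deleted and recreated on each run.  The script
# needs bash (process substitution in the verify step), so it must not be
# run under /bin/sh.
set -euo pipefail

readonly work=t/ocsp
# PID of an OCSP responder started by this script (see the disabled block at
# the end); used so cleanup only stops what we started.
readonly pidfile="${work}/logs/ocsp.pid"

# Fail fast, before anything is deleted, if the inputs are missing.
[[ -f ocsp.cnf ]] || { echo "ocsp.cnf not found in $(pwd)" >&2; exit 1; }
[[ -f file ]] || { echo "file (data to sign) not found in $(pwd)" >&2; exit 1; }

# cleanup
# Stop only a responder recorded in our pidfile.  The previous `pkill -f
# openssl` matched *any* process whose command line mentions openssl, which
# could kill unrelated s_server/s_client/ocsp instances on the same host.
if [[ -f "${pidfile}" ]]; then
  kill "$(cat -- "${pidfile}")" 2>/dev/null || true
fi
rm -rf -- t

# ca: directory layout expected by `openssl ca` (index, serial, newcerts).
# One database/serial is shared by all three issuers, so serials are unique
# across the whole hierarchy.
mkdir -p "${work}/ca/certs" "${work}/ca/crl" "${work}/ca/newcerts" "${work}/logs"
touch "${work}/ca/index.txt"
echo '1000' > "${work}/ca/serial"
cp -- ocsp.cnf "${work}/ocsp.cnf"

#######################################
# Issue a certificate from a CSR with `openssl ca` using the shared database.
# Arguments:
#   $1 - CSR to sign
#   $2 - output certificate
#   $3 - issuer certificate
#   $4 - issuer private key
# Returns: exit status of `openssl ca` (non-zero aborts the script via set -e)
#######################################
issue() {
  local csr=$1 out=$2 issuer_crt=$3 issuer_key=$4
  # NOTE(review): every cert, including the intermediates, is issued with the
  # v3_req section of ocsp.cnf; inter1/inter2 only act as CAs if that section
  # carries basicConstraints=CA:TRUE (config not shown here - confirm).
  openssl ca -config "${work}/ocsp.cnf" \
    -in "${csr}" \
    -out "${out}" \
    -cert "${issuer_crt}" \
    -keyfile "${issuer_key}" \
    -notext -batch -updatedb -extensions v3_req
}

# ca.crt
echo '### CREATING CA (ec prime256v1) ###'
openssl ecparam -name prime256v1 -genkey -noout -out "${work}/ca.key"
openssl ec -in "${work}/ca.key" -pubout -out "${work}/ca_pub.key"
# No -config here: v3_ca comes from the system default openssl.cnf.
openssl req -x509 -new \
  -sha256 -days 3650 \
  -key "${work}/ca.key" \
  -out "${work}/ca.crt" \
  -subj '/O=CA/CN=ca.test/OU=ca.test' \
  -extensions v3_ca

# inter1.crt (issued by ca)
echo '### CREATING INTER1 (RSA) ###'
openssl genpkey -algorithm RSA -out "${work}/inter1.key" -pkeyopt rsa_keygen_bits:4096
openssl req -new -key "${work}/inter1.key" -out "${work}/inter1.csr" -subj '/O=Inter/CN=inter.test/OU=2'
issue "${work}/inter1.csr" "${work}/inter1.crt" "${work}/ca.crt" "${work}/ca.key"

# inter2.crt (issued by inter1)
echo '### CREATING INTER2 (EdDSA) ###'
openssl genpkey -algorithm Ed448 -out "${work}/inter2.key"
openssl req -new -key "${work}/inter2.key" -out "${work}/inter2.csr" -subj '/O=Inter/CN=inter.test/OU=3'
issue "${work}/inter2.csr" "${work}/inter2.crt" "${work}/inter1.crt" "${work}/inter1.key"

# client.crt (issued by inter2)
echo '### CREATING CLIENT ###'
openssl ecparam -name prime256v1 -genkey -noout -out "${work}/client.key"
openssl req -new -key "${work}/client.key" -out "${work}/client.csr" -subj '/O=Client/CN=client.test/OU=4'
issue "${work}/client.csr" "${work}/client.crt" "${work}/inter2.crt" "${work}/inter2.key"

# Private keys are written with the default umask; keep them owner-only.
chmod 600 -- "${work}"/*.key

# chain
# Order is kept exactly as before: client, inter1, inter2, ca.  That is NOT
# issuance order (client <- inter2 <- inter1 <- ca); it is fine as an
# -untrusted bundle for `openssl verify`, but TLS 1.2 peers expect each cert
# to certify the one before it.  Preserved in case a test relies on it.
echo '### CREATING CHAIN ###'
cat -- "${work}/client.crt" "${work}/inter1.crt" "${work}/inter2.crt" "${work}/ca.crt" \
  > "${work}/chain.pem"

# Sanity-check that the hierarchy actually validates.  Deliberately a warning
# rather than a hard failure so an unusual ocsp.cnf still yields a fixture.
if ! openssl verify -CAfile "${work}/ca.crt" -untrusted "${work}/chain.pem" "${work}/client.crt"; then
  echo "WARNING: client.crt does not verify against ca.crt via chain.pem" >&2
fi

# sign
echo '### SIGNING ###'
openssl dgst -sha256 -sign "${work}/client.key" -out file.sig file

# verify
# Verifies the signature with the public key carried in client.crt; this does
# not (by itself) check the certificate chain - see the verify step above.
echo '### VERIFYING ###'
openssl dgst -sha256 -verify <(openssl x509 -in "${work}/client.crt" -pubkey -noout) \
  -signature file.sig file

# start ocsp server (disabled)
# The original line pointed at t/ocsp/ca/ca.crt and t/ocsp/ca/ca.key, but the
# CA material is created in t/ocsp/ directly; paths corrected here.  The PID
# is recorded so the cleanup step can stop the responder on the next run.
# `sleep(1);` was not shell syntax.
#openssl ocsp -index "${work}/ca/index.txt" -port 2560 -ndays 999 \
#  -rsigner "${work}/ca.crt" -rkey "${work}/ca.key" -CA "${work}/ca.crt" -text \
#  >"${work}/logs/log.ocsp1" 2>"${work}/logs/log.ocsp2" &
#echo $! > "${pidfile}"
#sleep 1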