gencerts

来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· 代码 · 共 80 行

#!/bin/sh
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
# 
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
# 
# The Original Code is the Netscape security libraries.
# 
# The Initial Developer of the Original Code is Netscape
# Communications Corporation.  Portions created by Netscape are 
# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
# Rights Reserved.
# 
# Contributor(s):
# 
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable 
# instead of those above.  If you wish to allow use of your 
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL.  If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
#
# Script to generate sample db files neccessary for SSL.

# Directory for db's, use in all subsequent -d flags.
rm -rf SampleCertDBs
mkdir SampleCertDBs

# Password to use.
echo sample > passfile

# Generate the db files, using the above password.
certutil -N -d SampleCertDBs -f passfile

# Generate the CA cert.  This cert is self-signed and only useful for
# test purposes.  Set the trust bits to allow it to sign SSL client/server
# certs.
certutil -S -n SampleRootCA -x -t "CTu,CTu,CTu" \
            -s "CN=My Sample Root CA, O=My Organization" \
            -m 25000 -o ./SampleCertDBs/SampleRootCA.crt \
            -d SampleCertDBs -f passfile

# Generate the server cert.  This cert is signed by the CA cert generated
# above.  The CN must be hostname.domain.[com|org|net|...].
certutil -S -n SampleSSLServerCert -c SampleRootCA -t "u,u,u" \
            -s "CN=$HOSTNAME.$MYDOMAIN, O=$HOSTNAME Corp." \
            -m 25001 -o ./SampleCertDBs/SampleSSLServer.crt \
            -d SampleCertDBs -f passfile

# Generate the client cert.  This cert is signed by the CA cert generated
# above.
certutil -S -n SampleSSLClientCert -c SampleRootCA -t "u,u,u" \
            -s "CN=My Client Cert, O=Client Organization" \
            -m 25002 -o ./SampleCertDBs/SampleSSLClient.crt \
            -d SampleCertDBs -f passfile

# Verify the certificates.
certutil -V -u V -n SampleSSLServerCert -d SampleCertDBs
certutil -V -u C -n SampleSSLClientCert -d SampleCertDBs

# Remove unneccessary files.
rm -f passfile
rm -f tempcert*

# You are now ready to run your client/server!  Example command lines:
# server -n SampleSSLServerCert -p 8080 -d SampleCertDBs -w sample -c e -R
# client -n SampleSSLClientCert -p 8080 -d SampleCertDBs -w sample -c 2 trane.mcom.com