- Enhanced generation CA script and config to further automate different actions

programs/ssl/test-ca/gen_test_ca.sh

@@ -4,9 +4,15 @@ rm -rf index newcerts/*.pem serial *.req *.key *.crt crl.prm
 touch index
 echo "01" > serial
 
+PASSWORD=PolarSSLTest
+
 echo "Generating CA"
-openssl req -config sslconf.txt -days 3653 -x509 -newkey rsa:2048 \
-            -set_serial 0 -text -keyout test-ca.key -out test-ca.crt
+cat sslconf.txt > sslconf_use.txt 
+echo "CN=PolarSSL Test CA" >> sslconf_use.txt
+
+openssl req -config sslconf_use.txt -days 3653 -x509 -newkey rsa:2048 \
+            -set_serial 0 -text -keyout test-ca.key -out test-ca.crt \
+	    -passout pass:$PASSWORD
 
 echo "Generating rest"
 openssl genrsa -out server1.key 2048
@@ -15,21 +21,33 @@ openssl genrsa -out client1.key 2048
 openssl genrsa -out client2.key 2048
 
 echo "Generating requests"
-openssl req -config sslconf.txt -new -key server1.key -out server1.req
-openssl req -config sslconf.txt -new -key server2.key -out server2.req
-openssl req -config sslconf.txt -new -key client1.key -out client1.req
-openssl req -config sslconf.txt -new -key client2.key -out client2.req
+cat sslconf.txt > sslconf_use.txt 
+echo "CN=PolarSSL Server 1" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key server1.key -out server1.req
+
+cat sslconf.txt > sslconf_use.txt 
+echo "CN=PolarSSL Server 2" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key server2.key -out server2.req
+
+cat sslconf.txt > sslconf_use.txt 
+echo "CN=PolarSSL Client 1" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key client1.key -out client1.req
+
+cat sslconf.txt > sslconf_use.txt 
+echo "CN=PolarSSL Client 2" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key client2.key -out client2.req
 
 echo "Signing requests"
-openssl ca -config sslconf.txt -in server1.req -out server1.crt
-openssl ca -config sslconf.txt -in server2.req -out server2.crt
-openssl ca -config sslconf.txt -in client1.req -out client1.crt
-openssl ca -config sslconf.txt -in client2.req -out client2.crt
+for i in server1 server2 client1 client2;
+do
+  openssl ca -config sslconf.txt -out $i.crt -passin pass:$PASSWORD \
+	-batch -in $i.req
+done
 
 echo "Revoking firsts"
-openssl ca -config sslconf.txt -revoke server1.crt
-openssl ca -config sslconf.txt -revoke client1.crt
-openssl ca -config sslconf.txt -gencrl -out crl.pem
+openssl ca -batch -config sslconf.txt -revoke server1.crt -passin pass:$PASSWORD
+openssl ca -batch -config sslconf.txt -revoke client1.crt -passin pass:$PASSWORD
+openssl ca -batch -config sslconf.txt -gencrl -out crl.pem -passin pass:$PASSWORD
 
 echo "Verifying second"
 openssl x509 -in server2.crt -text -noout
@@ -39,6 +57,6 @@ rm ca_crl.pem
 
 echo "Generating PKCS12"
 openssl pkcs12 -export -in client2.crt -inkey client2.key \
-                      -out client2.pfx
+                      -out client2.pfx -passout pass:$PASSWORD
 
-rm *.old *.req
+rm *.old *.req sslconf_use.txt

programs/ssl/test-ca/sslconf.txt

@@ -25,29 +25,14 @@ policy                  = my_policy
 x509_extensions         = v3_usr
 
 [ my_policy ]
-countryName             = optional
-stateOrProvinceName     = optional
+countryName             = supplied
 organizationName        = match
-organizationalUnitName  = optional
 commonName              = supplied
-emailAddress            = optional
 
 [ req ]
 distinguished_name      = my_req_dn
 x509_extensions         = v3_ca
-
-[ my_req_dn ]
-countryName             = Country Name..............
-countryName_min         = 2
-countryName_max         = 2
-stateOrProvinceName     = State or Province Name....
-localityName            = Locality Name.............
-0.organizationName      = Organization Name.........
-organizationalUnitName  = Org. Unit Name............
-commonName              = Common Name (required)....
-commonName_max          = 64
-emailAddress            = Email Address.............
-emailAddress_max        = 64
+prompt			= no
 
 [ v3_ca ]
 basicConstraints        = CA:TRUE
@@ -59,3 +44,6 @@ basicConstraints        = CA:FALSE
 subjectKeyIdentifier    = hash
 authorityKeyIdentifier  = keyid,issuer
 
+[ my_req_dn ]
+C=NL
+O=PolarSSL