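#!/bin/sh
# Sets up a local test CA tree under testca/ and issues the server and client
# certificates for the *.cacert.localhost hosts from the class3 CA.
# Every certificate is issued only when its output file is still missing, so
# the script can be re-run on an existing tree.
#
# Requires ./.env in the current directory. The file is sourced, i.e. executed
# as shell code, so it has to be a trusted file. The script reads
# CLIENT_CERT_USERNAME, CLIENT_CERT_EMAIL and CLIENT_CERT_PASSWORD, which are
# not assigned here and are presumably defined in .env; with "set -u" a
# missing one aborts the run.
#
# All private keys are written without a passphrase (-nodes), so the key
# files under testca/certs are protected by file permissions only.

set -eu

# Assigned before .env is sourced, so .env can override them.
# NOTE(review): neither variable is referenced in the part of the script that
# is visible on the page; presumably the lost CA section below uses them.
ORGANIZATION="CAcert Inc."
COUNTRY_CODE="AU"

. ./.env

# First run: create the directory layout and the empty index files under
# root/ and class3/. Later runs only change into the existing tree.
if [ ! -d testca/ ]; then
  mkdir -p testca/
  cd testca
  mkdir -p root/newcerts class3/newcerts root/private class3/private certs
  touch root/index.txt class3/index.txt
else
  cd testca
fi

# NOTE(review): this part of the script did not survive on the page. All that
# is left of it is the fragment
#     cat >ca.cnf <certs/cachain.crt.pem fi
# which looks like the start of a here-document that wrote ca.cnf and the end
# of a block that wrote certs/cachain.crt.pem; everything in between is
# missing. Restore it from the original script before running: the commands
# below need ca.cnf (with the class3_ca, server_ext and client_ext sections
# they reference) and certs/cachain.crt.pem.

# Server certificate for cats.cacert.localhost and www.cats.cacert.localhost.
if [ ! -f certs/cats.cacert.localhost.crt.pem ]; then
  openssl req -new -keyout certs/cats.cacert.localhost.key.pem -nodes \
    -out certs/cats.cacert.localhost.csr.pem -subj "/CN=cats.cacert.localhost" \
    -addext "subjectAltName=DNS:cats.cacert.localhost,DNS:www.cats.cacert.localhost"
  openssl ca -config ca.cnf \
    -name class3_ca \
    -in certs/cats.cacert.localhost.csr.pem \
    -out certs/cats.cacert.localhost.crt.pem \
    -rand_serial \
    -extensions server_ext \
    -batch
fi

# Client certificate (client_ext) stored under the cats-client file names.
# NOTE(review): subject CN and SAN are cats.cacert.localhost, not
# cats-client.cacert.localhost - confirm that this is intended.
if [ ! -f certs/cats-client.cacert.localhost.crt.pem ]; then
  openssl req -new -keyout certs/cats-client.cacert.localhost.key.pem -nodes \
    -out certs/cats-client.cacert.localhost.csr.pem -subj "/CN=cats.cacert.localhost" \
    -addext "subjectAltName=DNS:cats.cacert.localhost"
  openssl ca -config ca.cnf \
    -name class3_ca \
    -in certs/cats-client.cacert.localhost.csr.pem \
    -out certs/cats-client.cacert.localhost.crt.pem \
    -rand_serial \
    -extensions client_ext \
    -batch
fi

# Server certificate for mgr.cacert.localhost and www.mgr.cacert.localhost.
if [ ! -f certs/mgr.cacert.localhost.crt.pem ]; then
  openssl req -new -keyout certs/mgr.cacert.localhost.key.pem -nodes \
    -out certs/mgr.cacert.localhost.csr.pem -subj "/CN=mgr.cacert.localhost" \
    -addext "subjectAltName=DNS:mgr.cacert.localhost,DNS:www.mgr.cacert.localhost"
  openssl ca -config ca.cnf \
    -name class3_ca \
    -in certs/mgr.cacert.localhost.csr.pem \
    -out certs/mgr.cacert.localhost.crt.pem \
    -rand_serial \
    -extensions server_ext \
    -batch
fi

# Server certificate for secure.test.cacert.localhost (single SAN entry).
if [ ! -f certs/secure.test.cacert.localhost.crt.pem ]; then
  openssl req -new -keyout certs/secure.test.cacert.localhost.key.pem -nodes \
    -out certs/secure.test.cacert.localhost.csr.pem -subj "/CN=secure.test.cacert.localhost" \
    -addext "subjectAltName=DNS:secure.test.cacert.localhost"
  openssl ca -config ca.cnf \
    -name class3_ca \
    -in certs/secure.test.cacert.localhost.csr.pem \
    -out certs/secure.test.cacert.localhost.crt.pem \
    -rand_serial \
    -extensions server_ext \
    -batch
fi

# Server certificate for test.cacert.localhost and www.test.cacert.localhost.
if [ ! -f certs/test.cacert.localhost.crt.pem ]; then
  openssl req -new -keyout certs/test.cacert.localhost.key.pem -nodes \
    -out certs/test.cacert.localhost.csr.pem -subj "/CN=test.cacert.localhost" \
    -addext "subjectAltName=DNS:test.cacert.localhost,DNS:www.test.cacert.localhost"
  openssl ca -config ca.cnf \
    -name class3_ca \
    -in certs/test.cacert.localhost.csr.pem \
    -out certs/test.cacert.localhost.crt.pem \
    -rand_serial \
    -extensions server_ext \
    -batch
fi

# Personal client certificate, exported as a password-protected PKCS#12
# bundle together with the CA chain. The guard checks for the .p12 file, so
# key, CSR and certificate are all produced again if the bundle is missing.
if [ ! -f certs/testclient.p12 ]; then
  # The .env values are interpolated as-is: "/" in the user name or "," in
  # the e-mail address would be read by openssl as further subject or SAN
  # components.
  openssl req -new -keyout certs/testclient.key.pem -nodes \
    -out certs/testclient.csr.pem -subj "/CN=${CLIENT_CERT_USERNAME}" \
    -addext "subjectAltName=email:${CLIENT_CERT_EMAIL}"
  openssl ca -config ca.cnf \
    -name class3_ca \
    -in certs/testclient.csr.pem \
    -out certs/testclient.crt.pem \
    -rand_serial \
    -extensions client_ext \
    -batch
  # The export password goes to openssl through its environment (env:)
  # instead of as "pass:..." on the command line, where it would be visible
  # in the process list while the command runs. The prefix assignment puts
  # the variable into the environment of this one command only.
  CLIENT_CERT_PASSWORD="${CLIENT_CERT_PASSWORD}" \
    openssl pkcs12 -export -out certs/testclient.p12 \
    -passout env:CLIENT_CERT_PASSWORD \
    -chain -CAfile certs/cachain.crt.pem \
    -inkey certs/testclient.key.pem \
    -in certs/testclient.crt.pem \
    -name "${CLIENT_CERT_USERNAME}"
fi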