add createca.sh and rootreq.conf

This commit is contained in:
Jan Dittberner 2011-05-03 21:01:18 +02:00
parent 4df618e834
commit fe0e526dd3
3 changed files with 102 additions and 0 deletions

5
README
View file

@ -3,3 +3,8 @@ This directory contains various OpenSSL configuration examples and scripts.
Configuration files:
- rootca.conf - Example root CA configuration
- rootreq.conf - Example signing request configuration
Scripts:
- createca.sh - Script for creating a CA

40
createca.sh Normal file
View file

@ -0,0 +1,40 @@
#!/bin/sh
set -e
usage() {
echo "Usage: $1 <cabasedir> <reqconf> <caconf>"
exit 1
}
if [ $# -lt 3 ]; then
usage $0
fi
if [ ! -f "$2" ]; then
echo "$2 is no file."
usage $0
fi
REQCONF="$2"
if [ ! -f "$3" ]; then
echo "$2 is no file."
usage $0
fi
CACONF="$3"
if [ -d "$1" ]; then
echo "$1 does already exist. Please specify a new directory."
usage $0
fi
CADIR="$1"
mkdir -p "${CADIR}/certs"
mkdir -p "${CADIR}/crl"
mkdir -p "${CADIR}/newcerts"
mkdir -p "${CADIR}/private"
openssl req -new -x509 -config "${REQCONF}" -out "${CADIR}/ca.crt.pem" -keyout "${CADIR}/private/ca.key.pem"
echo "01" > "${CADIR}/serial"
touch "${CADIR}/index.txt"

57
rootreq.conf Normal file
View file

@ -0,0 +1,57 @@
# Request configuration for CA certificate
#
# Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-03
RANDFILE = $ENV::HOME/ca/.rnd
extensions = v3_ext
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
x509_extensions = v3_ca_ext
# This sets a mask for permitted string types. There are several options.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
string_mask = nombstr
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = DE
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Saxony
localityName = Locality Name (eg, city)
localityName_default = Example Town
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Example Organization
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = Example Lab
commonName = Common Name (eg, YOUR name)
commonName_max = 64
commonName_default = Example Lab Root CA
emailAddress = Email Address
emailAddress_max = 64
emailAddress_default = rootca@example.org
[ v3_ca_ext ]
basicConstraints = critical, CA:true, pathlen:1
keyUsage = critical, keyCertSign,cRLSign
nsComment = "Example Labs Root Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier = keyid:always,issuer:always
# Include email address in subject alt name: another PKIX recommendation
subjectAltName = email:copy
authorityInfoAccess = OCSP;URI:http://ocsp.rootca.example.org/
crlDistributionPoints = URI:http://rootca.example.org/rootca.crl