git.argeo.org Git - lgpl/argeo-commons.git/blob - demo/ssl/ssl.sh
SSL working
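#!/bin/sh
#
# Builds throw-away TLS material for the demo:
#   - server.jks : JKS keystore holding a self-signed "localhost" server
#                  certificate (alias "jetty") plus the demo CA certificate
#                  (alias "CA") as a trusted entry
#   - root.p12   : client certificate + key for CN=root, signed by the demo CA
#   - demo.p12   : client certificate + key for CN=demo, signed by the demo CA
#
# COMPLETELY UNSAFE - FOR DEVELOPMENT ONLY
# Why this must never be used outside a local demo:
#   - every passphrase is hard-coded ("demo" / "changeit") and passed on the
#     command line, where other local users can read it from the process list
#   - the server certificate is self-signed and valid for ten years
#   - the CA private key is kept under ./CA, next to the demo files
#
# Run this script from its directory

# Stop at the first failing step instead of carrying on with missing or stale
# key material, and treat unset variables as errors.
set -eu

# OPENSSL_CONF and CATOP below are relative paths, so a wrong working
# directory would make openssl fall over later with a less obvious message.
[ -f ./openssl.cnf ] || {
  echo "ssl.sh: ./openssl.cnf not found - run this script from its directory" >&2
  exit 1
}

export OPENSSL_CONF=./openssl.cnf
export CATOP=./CA

# 1024-bit RSA is below the commonly accepted minimum and can be refused by
# current TLS stacks; 2048 bits is used for every key generated here.
# NOTE(review): the CA key itself is created by the CA helper below with
# whatever size ./openssl.cnf specifies - confirm it is at least 2048 as well.
KEY_SPEC=rsa:2048

# newkey.pem holds a private key protected only by the passphrase "demo".
# Removing the scratch files from an EXIT trap keeps the clean-up in place
# even when `set -e` aborts the script half-way through.
remove_scratch() {
  rm -vf new*.pem
}
trap remove_scratch EXIT

# Issue a client certificate signed by the demo CA and bundle it with its key.
# Arguments: $1 - common name; also used as the PKCS#12 friendly name and as
#                 the base name of the resulting <name>.p12 file
# Outputs:   <name>.p12 in the current directory, passphrase "demo"
issue_person_cert() {
  # -days only takes effect together with -x509; for a plain request the
  # lifetime of the signed certificate is decided by `openssl ca`.
  openssl req -new -newkey "$KEY_SPEC" -extensions server_ext -days 3650 \
    -subj "/C=DE/ST=Berlin/O=Example/OU=People/CN=$1/" \
    -keyout newkey.pem -passout pass:demo -out newcsr.pem
  # -passin unlocks the CA private key, see the note at the -newca step.
  openssl ca -batch -passin pass:demo -in newcsr.pem -out newcrt.pem
  openssl pkcs12 -export -passin pass:demo -passout pass:demo \
    -name "$1" -inkey newkey.pem -in newcrt.pem \
    -out "$1.p12"
}

# Create the demo CA. This step is interactive.
# NOTE(review): the later `openssl ca -passin pass:demo` calls presumably
# require "demo" to be entered here as the CA key passphrase - confirm.
/etc/pki/tls/misc/CA -newca

# Self-signed server certificate for localhost
openssl req -x509 -new -newkey "$KEY_SPEC" -extensions server_ext -days 3650 \
  -subj /C=DE/ST=Berlin/O=Example/OU=Systems/CN=localhost/ \
  -keyout newkey.pem -passout pass:demo -out newcrt.pem

openssl pkcs12 -export -passin pass:demo -passout pass:changeit \
  -name "jetty" -inkey newkey.pem -in newcrt.pem \
  -out server.p12

# Convert PKCS12 keystore into a JKS keystore
keytool -importkeystore \
  -srckeystore server.p12 -srcstoretype pkcs12 -srcstorepass changeit \
  -alias jetty -destkeystore server.jks -deststorepass changeit
# The intermediate PKCS#12 file contains the server private key; drop it.
rm -f server.p12

# Import People CA
keytool -importcert -keystore server.jks -storepass changeit \
  -alias CA -file CA/cacert.pem

# root user
issue_person_cert root

# demo user
issue_person_cert demo

# Clean up: new*.pem is removed by the EXIT trap set above.
#rm -vf root.csr root.key root.crt
#rm -vf server.p12 server.crt server.key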