Home Explore Help
Sign In
txlyre
/
winamp
mirror of https://git.lumaeris.com/mirrors/winamp
1
0
Fork 0
Files Issues 0 Wiki
Branch: community
Branches Tags
winamp
/
Src
/
external_dependencies
/
cpr
/
test
/
data
/
generate-certificates.sh

generate-certificates.sh 2.3 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. #!/bin/sh
    2. 

  2. 

  3. # Generate a CA with a self-signed root certificate that then signs the server certificate
    4. 

  4. # Based on the OpenSSL Cookbook by Ivan Ristic:
    5. 

  5. # https://www.feistyduck.com/library/openssl-cookbook/online/
    6. 

  6. #
    7. 

  7. # Especially, see chapter 1.5. Creating a private Certification Authority:
    8. 

  8. # https://www.feistyduck.com/library/openssl-cookbook/online/openssl-command-line/private-ca.html
    9. 

  9. 

  10. export KEY_PATH=keys
    11. 

  11. export CRT_PATH=certificates
    12. 

  12. export CA_PATH=ca
    13. 

  13. 

  14. # Create environment. 
    15. 

  15. # $CA_PATH is deleted in the end. 
    16. 

  16. # If new certificates need to be issued, this needs to be done before the cleanup in the end.
    17. 

  17. mkdir -p $KEY_PATH $CRT_PATH $CA_PATH/db $CA_PATH/private $CA_PATH/certificates
    18. 

  18. touch $CA_PATH/db/index
    19. 

  19. openssl rand -hex 16  > $CA_PATH/db/serial
    20. 

  20. 

  21. 

  22. # Generate all private keys
    23. 

  23. openssl genpkey -algorithm ed25519 -out $KEY_PATH/root-ca.key
    24. 

  24. openssl genpkey -algorithm ed25519 -out $KEY_PATH/server.key
    25. 

  25. openssl genpkey -algorithm ed25519 -out $KEY_PATH/client.key
    26. 

  26. 

  27. # For the server, we also need the public key
    28. 

  28. openssl pkey -in $KEY_PATH/server.key -pubout -out $KEY_PATH/server.pub
    29. 

  29. 

  30. 

  31. # Generate a Certificate Signing Request for the Root CA based on a config file
    32. 

  32. openssl req -new \
    33. 

  33.     -config root-ca.cnf -out root-ca.csr \
    34. 

  34.     -key $KEY_PATH/root-ca.key
    35. 

  35. 

  36. # Self-sign the root certificate
    37. 

  37. openssl ca -batch \
    38. 

  38.     -selfsign -config root-ca.cnf \
    39. 

  39.     -extensions ca_ext \
    40. 

  40.     -in root-ca.csr -out $CRT_PATH/root-ca.crt -notext
    41. 

  41. 

  42. 

  43. # Create a Certificate Signing request for the server certificate
    44. 

  44. openssl req -new \
    45. 

  45.     -config server.cnf -out server.csr \
    46. 

  46.     -key $KEY_PATH/server.key
    47. 

  47. openssl req -text -in server.csr -noout
    48. 

  48. 

  49. # Issue the server certificate
    50. 

  50. openssl ca -batch \
    51. 

  51.     -config root-ca.cnf \
    52. 

  52.     -extensions server_ext \
    53. 

  53.     -extfile server.cnf -extensions ext \
    54. 

  54.     -in server.csr -out $CRT_PATH/server.crt -notext \
    55. 

  55.     -days 1825
    56. 

  56. 

  57. 

  58. # Create a Certificate Signing request for the client certificate
    59. 

  59. openssl req -new \
    60. 

  60.     -config client.cnf -out client.csr \
    61. 

  61.     -key $KEY_PATH/client.key
    62. 

  62. 

  63. # Issue the client certificate
    64. 

  64. openssl ca -batch \
    65. 

  65.     -config root-ca.cnf \
    66. 

  66.     -extensions client_ext \
    67. 

  67.     -in client.csr -out $CRT_PATH/client.crt -notext \
    68. 

  68.     -days 1825
    69. 

  69. 

  70. 

  71. 

  72. # Clean up
    73. 

  73. # IMPORTANT: If new certificates should be issued, $CA_PATH and its files MUST NOT be deleted!
    74. 

  74. # New certificates can be created in this script before cleaning up.
    75. 

  75. rm -rf *.csr $CA_PATH
    76. 

  76.