X-Git-Url: https://gerrit.akraino.org/r/gitweb?p=ta%2Fremote-installer.git;a=blobdiff_plain;f=test%2Fcertificates%2Fcreate.sh;fp=test%2Fcertificates%2Fcreate.sh;h=c0df88a71be22cde43a3cadeef2d8d2443378bff;hp=0000000000000000000000000000000000000000;hb=f9adb9143ef94b16ae16941652e75deccad506ef;hpb=3a2c5cc0fe9265242032882d68129b7faf47235c
diff --git a/test/certificates/create.sh b/test/certificates/create.sh
new file mode 100755
index 0000000..c0df88a
--- /dev/null
+++ b/test/certificates/create.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Configuration files
+# openssl-ca.cnf - contains information for the CA certificate
+# openssl-ca-sign.cnf - add the signing information most important private key and certificate
+# openssl-server.cnf - no explanation needed
+# openssl-server-sign.cnf - no explanation needed
+# openssl-client.cnf - no explanation needed
+# openssl-badboy.cnf - creates a certificate which should be rejected
+
+# Create self signed CA certificate
+openssl req -x509 -config openssl-ca.cnf -newkey rsa:2048 -sha256 -nodes -out cacert.pem -outform PEM
+openssl x509 -in cacert.pem -text -noout |head -n 20
+
+# Create client server certificates
+openssl req -config openssl-server.cnf -newkey rsa:2048 -sha256 -nodes -out servercert.csr -outform PEM
+openssl req -config openssl-client.cnf -newkey rsa:2048 -sha256 -nodes -out clientcert.csr -outform PEM
+openssl req -config openssl-badboy.cnf -newkey rsa:2048 -sha256 -nodes -out badboycert.csr -outform PEM
+
+# Initialize database (?) for signed certificates
+echo -n > index.txt
+echo '01' > serial.txt
+echo -n > index-ri.txt
+echo '01' > serial-ri.txt
+
+# Sign server certificate with CA private key
+echo -e "y\ny\n" | openssl ca -config openssl-ca-sign.cnf -policy signing_policy -extensions signing_req -out servercert.pem -infiles servercert.csr
+# Sign client certificate with server private key
+echo -e "y\ny\n" | openssl ca -config openssl-ca-sign.cnf -policy signing_policy -extensions signing_req -out clientcert.pem -infiles clientcert.csr
+echo -e "y\ny\n" | openssl ca -config openssl-ca-sign.cnf -policy signing_policy -extensions signing_req -out badboycert.pem -infiles badboycert.csr
+
+# openssl x509 -in cacert.pem -text -noout
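Review bot: The `badboycert.csr` request is signed with the same `openssl-ca-sign.cnf`, `-policy signing_policy` and `-extensions signing_req` as the server and client requests, so the certificate that "should be rejected" still chains to the trusted test CA. Whatever makes it invalid has to come from `openssl-badboy.cnf`, which is not visible here, so the header comment should name the property expected to fail (subject, key usage, issuer) so that the negative test can be audited. The comment `# Sign client certificate with server private key` does not match the command under it, which uses the CA signing config exactly like the server line; `# Sign client and badboy certificates with the CA private key` appears to be what is meant, and the listed `openssl-server-sign.cnf` is never referenced by the script. There is no `set -eu` after the shebang, so a failed `openssl req` or `openssl ca` is not fatal and later steps can run against missing or stale files; adding it, and replacing the `echo -e "y\ny\n" |` prefix with `openssl ca -batch`, would make failures visible. All keys are created with `-nodes` (unencrypted), which is fine for fixtures under `test/` provided the comment block states they are test-only material.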