
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1052740 13f79535-47bb-0310-9956-ffa450edef68
96 lines
2.4 KiB
Bash
Executable file
96 lines
2.4 KiB
Bash
Executable file
#!/bin/sh
|
|
|
|
# Licensed to the Apache Software Foundation (ASF) under one
|
|
# or more contributor license agreements. See the NOTICE file
|
|
# distributed with this work for additional information
|
|
# regarding copyright ownership. The ASF licenses this file
|
|
# to you under the Apache License, Version 2.0 (the
|
|
# "License"); you may not use this file except in compliance
|
|
# with the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing,
|
|
# software distributed under the License is distributed on an
|
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
# KIND, either express or implied. See the License for the
|
|
# specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
# Generate a test certification authority certificate
|
|
here=`readlink -f $0`; here=`dirname $here`
|
|
mkdir -p $1
|
|
root=`readlink -f $1`
|
|
|
|
host=$2
|
|
|
|
# Don't override existing certificate
|
|
if [ -f $root/cert/ca.crt ]; then
|
|
return 0
|
|
fi
|
|
|
|
# Generate openssl configuration
|
|
mkdir -p $root/cert
|
|
umask 0007
|
|
cat >$root/cert/openssl-ca.conf <<EOF
|
|
[ req ]
|
|
default_bits = 1024
|
|
encrypt_key = no
|
|
prompt = no
|
|
distinguished_name = req_distinguished_name
|
|
x509_extensions = v3_ca
|
|
|
|
[ req_distinguished_name ]
|
|
C = US
|
|
ST = CA
|
|
L = San Francisco
|
|
O = $host
|
|
OU = authority
|
|
CN = $host
|
|
emailAddress = admin@$host
|
|
|
|
[ v3_ca ]
|
|
subjectKeyIdentifier = hash
|
|
authorityKeyIdentifier = keyid:always,issuer:always
|
|
basicConstraints = CA:true
|
|
|
|
[ca]
|
|
default_ca = ca_default
|
|
|
|
[ca_default]
|
|
certificate = $root/cert/ca.crt
|
|
private_key = $root/cert/ca.key
|
|
serial = $root/cert/ca-serial
|
|
database = $root/cert/ca-database
|
|
new_certs_dir = $root/cert
|
|
default_md = sha1
|
|
email_in_dn = no
|
|
default_days = 365
|
|
default_crl_days = 30
|
|
policy = policy_any
|
|
copy_extensions = none
|
|
|
|
[ policy_any ]
|
|
countryName = supplied
|
|
stateOrProvinceName = optional
|
|
localityName = optional
|
|
organizationName = optional
|
|
organizationalUnitName = optional
|
|
commonName = supplied
|
|
emailAddress = optional
|
|
|
|
EOF
|
|
|
|
rm -rf $root/cert/*.crt $root/cert/*.pem $root/cert/hash
|
|
rm -f $root/cert/ca-database
|
|
echo 1000 > $root/cert/ca-serial
|
|
touch $root/cert/ca-database
|
|
|
|
# Generate the certification authority certificate
|
|
openssl req -new -x509 -config $root/cert/openssl-ca.conf -out $root/cert/ca.crt -keyout $root/cert/ca.key
|
|
|
|
# Add to the hash directory and rehash
|
|
mkdir -p $root/cert/hash
|
|
cp $root/cert/ca.crt $root/cert/hash
|
|
c_rehash $root/cert/hash
|
|
|