mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 05:40:11 +01:00
gocsaf/internal/certs/data/generate_cert.sh
2025-10-14 16:46:47 +02:00


#!/bin/sh
#
# This file is Free Software under the Apache-2.0 License
# without warranty, see README.md and LICENSES/Apache-2.0.txt for details.
#
# SPDX-License-Identifier: Apache-2.0
#
# SPDX-FileCopyrightText: 2025 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
# Software-Engineering: 2025 Intevation GmbH <https://intevation.de>
# Script to generate the certificates used for testing.
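# Generates the self-signed certificates and keys used as test fixtures:
#   cert.crt / privated.pem         server-style cert, key encrypted with a
#                                   fixed passphrase
#   testclient.crt / testclientkey.pem
#                                   client cert, key stored unencrypted
# The passphrase is fixed in this script and passed on the command line, so
# it gives the key no confidentiality. The generated material is for tests
# only and must not be trusted or deployed anywhere else.
set -e
# All files below are written next to this script.
cd "$(dirname "$0")"

# Remove the intermediates on every exit path. With `set -e` a failing
# openssl call aborts the script, and without this trap the unencrypted
# temp_private.key would be left on disk.
cleanup() {
  rm -f -- temp_private.key temp_cert.csr cert.conf
}
trap cleanup EXIT
# Turn common signals into a normal exit so the EXIT trap also runs for them.
trap 'exit 1' HUP INT TERM

## -- Generate password protected cert
# Create configuration file
cat > cert.conf << 'EOF'
[req]
default_bits = 3072
prompt = no
distinguished_name = dn
req_extensions = v3_req
[dn]
CN = csaf.test
O = CSAF
OU = CSAF Distribution
C = DE
[v3_req]
basicConstraints = critical,CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = OCSPSigning, clientAuth, serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = csaf.test
DNS.2 = localhost
DNS.3 = *.csaf.test
IP.1 = 127.0.0.1
IP.2 = ::1
EOF
# Generate private key (unencrypted; removed again by cleanup)
openssl genrsa -out temp_private.key 3072
# Create certificate signing request
openssl req -new -key temp_private.key -out temp_cert.csr -config cert.conf
# Generate certificate: -signkey signs the request with its own key, so the
# result is self-signed. -days 36500 keeps the fixture valid for roughly
# 100 years so the tests do not start failing on expiry.
openssl x509 -req -in temp_cert.csr -signkey temp_private.key \
  -out cert.crt -days 36500 -extensions v3_req -extfile cert.conf
# Create encrypted private key with passphrase "qwer".
# -traditional writes the key in the traditional format rather than PKCS#8.
openssl rsa -in temp_private.key -out privated.pem -aes256 \
  -passout pass:qwer -traditional

## -- Generate NOT password protected client cert
# Create configuration file (overwrites the server configuration above)
cat > cert.conf << 'EOF'
[req]
default_bits = 3072
prompt = no
distinguished_name = dn
req_extensions = v3_req
[dn]
CN = Tester
O = CSAF Tools Development (internal)
C = DE
[v3_req]
basicConstraints = critical,CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth
EOF
# Generate private key; this one is kept as an output file, unencrypted
openssl genrsa -out testclientkey.pem 3072
# Create certificate signing request
openssl req -new -key testclientkey.pem -out temp_cert.csr -config cert.conf
# Generate certificate (self-signed, same long validity as above)
openssl x509 -req -in temp_cert.csr -signkey testclientkey.pem \
  -out testclient.crt -days 36500 -extensions v3_req -extfile cert.conf

## -- Clean up
# Handled by the EXIT trap installed at the top.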