| #!/bin/sh |
| |
| # Copyright 2015 The Chromium Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| # This script generates a CA and leaf cert which can be used for the |
| # quic_server. |
| |
| try() { |
| "$@" || (e=$?; echo "$@" > /dev/stderr; exit $e) |
| } |
| |
| try rm -rf out |
| try mkdir out |
| |
| try /bin/sh -c "echo 01 > out/2048-sha256-root-serial" |
| touch out/2048-sha256-root-index.txt |
| |
| # Generate the key. |
| try openssl genrsa -out out/2048-sha256-root.key 2048 |
| |
| # Generate the root certificate. |
| try openssl req \ |
| -new \ |
| -key out/2048-sha256-root.key \ |
| -out out/2048-sha256-root.req \ |
| -config ca.cnf |
| |
| try openssl x509 \ |
| -req -days 3 \ |
| -in out/2048-sha256-root.req \ |
| -signkey out/2048-sha256-root.key \ |
| -extfile ca.cnf \ |
| -extensions ca_cert \ |
| -text > out/2048-sha256-root.pem |
| |
| # Generate the leaf certificate request. |
| try openssl req \ |
| -new \ |
| -keyout out/leaf_cert.key \ |
| -out out/leaf_cert.req \ |
| -config leaf.cnf |
| |
| # Convert the key to pkcs8. |
| try openssl pkcs8 \ |
| -topk8 \ |
| -outform DER \ |
| -inform PEM \ |
| -in out/leaf_cert.key \ |
| -out out/leaf_cert.pkcs8 \ |
| -nocrypt |
| |
| # Generate the leaf certificate to be valid for three days. |
| try openssl ca \ |
| -batch \ |
| -days 3 \ |
| -extensions user_cert \ |
| -in out/leaf_cert.req \ |
| -out out/leaf_cert.pem \ |
| -config ca.cnf |
