summaryrefslogtreecommitdiffstats
path: root/testenv/certs/make_ca.sh
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 03:06:57 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 03:06:57 +0000
commita3eed2c248067f0319cb72bcc8b5e2c7054ea6dc (patch)
treefd79d650c7ffee81608955be5f4fd8edd791834e /testenv/certs/make_ca.sh
parentInitial commit. (diff)
downloadwget-a3eed2c248067f0319cb72bcc8b5e2c7054ea6dc.tar.xz
wget-a3eed2c248067f0319cb72bcc8b5e2c7054ea6dc.zip
Adding upstream version 1.20.1.upstream/1.20.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testenv/certs/make_ca.sh')
-rwxr-xr-xtestenv/certs/make_ca.sh23
1 files changed, 23 insertions, 0 deletions
diff --git a/testenv/certs/make_ca.sh b/testenv/certs/make_ca.sh
new file mode 100755
index 0000000..f9b5676
--- /dev/null
+++ b/testenv/certs/make_ca.sh
@@ -0,0 +1,23 @@
+#!/bin/sh -e
+
+# create a self signed CA certificate
+certtool --generate-privkey --outfile ca-key.pem
+certtool --generate-self-signed --load-privkey ca-key.pem --template=ca-template.cfg --outfile ca-cert.pem
+
+# create the server RSA private key
+certtool --generate-privkey --outfile server-key.pem --rsa
+
+# generate a server certificate using the private key only
+certtool --generate-certificate --load-privkey server-key.pem --template=server-template.cfg --outfile server-cert.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem
+
+# create a CRL for the server certificate
+certtool --generate-crl --load-ca-privkey ca-key.pem --load-ca-certificate ca-cert.pem --load-certificate server-cert.pem --outfile server-crl.pem --template=server-template.cfg
+
+# generate a public key in PEM format
+openssl x509 -noout -pubkey < server-cert.pem > server-pubkey.pem
+
+# generate a public key in DER format
+openssl x509 -noout -pubkey < server-cert.pem | openssl asn1parse -noout -inform pem -out server-pubkey.der
+
+# generate a sha256 hash of the public key
+openssl x509 -noout -pubkey < server-cert.pem | openssl asn1parse -noout -inform pem -out /dev/stdout | openssl dgst -sha256 -binary | openssl base64 > server-pubkey-sha256.base64