зеркало из https://github.com/mozilla/gecko-dev.git
80 строки
3.1 KiB
Bash
Executable File
80 строки
3.1 KiB
Bash
Executable File
#!/bin/sh
|
|
#
|
|
# The contents of this file are subject to the Mozilla Public
|
|
# License Version 1.1 (the "License"); you may not use this file
|
|
# except in compliance with the License. You may obtain a copy of
|
|
# the License at http://www.mozilla.org/MPL/
|
|
#
|
|
# Software distributed under the License is distributed on an "AS
|
|
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
|
|
# implied. See the License for the specific language governing
|
|
# rights and limitations under the License.
|
|
#
|
|
# The Original Code is the Netscape security libraries.
|
|
#
|
|
# The Initial Developer of the Original Code is Netscape
|
|
# Communications Corporation. Portions created by Netscape are
|
|
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
|
|
# Rights Reserved.
|
|
#
|
|
# Contributor(s):
|
|
#
|
|
# Alternatively, the contents of this file may be used under the
|
|
# terms of the GNU General Public License Version 2 or later (the
|
|
# "GPL"), in which case the provisions of the GPL are applicable
|
|
# instead of those above. If you wish to allow use of your
|
|
# version of this file only under the terms of the GPL and not to
|
|
# allow others to use your version of this file under the MPL,
|
|
# indicate your decision by deleting the provisions above and
|
|
# replace them with the notice and other provisions required by
|
|
# the GPL. If you do not delete the provisions above, a recipient
|
|
# may use your version of this file under either the MPL or the
|
|
# GPL.
|
|
#
|
|
#
|
|
# Script to generate sample db files neccessary for SSL.
|
|
|
|
# Directory for db's, use in all subsequent -d flags.
|
|
rm -rf SampleCertDBs
|
|
mkdir SampleCertDBs
|
|
|
|
# Password to use.
|
|
echo sample > passfile
|
|
|
|
# Generate the db files, using the above password.
|
|
certutil -N -d SampleCertDBs -f passfile
|
|
|
|
# Generate the CA cert. This cert is self-signed and only useful for
|
|
# test purposes. Set the trust bits to allow it to sign SSL client/server
|
|
# certs.
|
|
certutil -S -n SampleRootCA -x -t "CTu,CTu,CTu" \
|
|
-s "CN=My Sample Root CA, O=My Organization" \
|
|
-m 25000 -o ./SampleCertDBs/SampleRootCA.crt \
|
|
-d SampleCertDBs -f passfile
|
|
|
|
# Generate the server cert. This cert is signed by the CA cert generated
|
|
# above. The CN must be hostname.domain.[com|org|net|...].
|
|
certutil -S -n SampleSSLServerCert -c SampleRootCA -t "u,u,u" \
|
|
-s "CN=$HOSTNAME.$MYDOMAIN, O=$HOSTNAME Corp." \
|
|
-m 25001 -o ./SampleCertDBs/SampleSSLServer.crt \
|
|
-d SampleCertDBs -f passfile
|
|
|
|
# Generate the client cert. This cert is signed by the CA cert generated
|
|
# above.
|
|
certutil -S -n SampleSSLClientCert -c SampleRootCA -t "u,u,u" \
|
|
-s "CN=My Client Cert, O=Client Organization" \
|
|
-m 25002 -o ./SampleCertDBs/SampleSSLClient.crt \
|
|
-d SampleCertDBs -f passfile
|
|
|
|
# Verify the certificates.
|
|
certutil -V -u V -n SampleSSLServerCert -d SampleCertDBs
|
|
certutil -V -u C -n SampleSSLClientCert -d SampleCertDBs
|
|
|
|
# Remove unneccessary files.
|
|
rm -f passfile
|
|
rm -f tempcert*
|
|
|
|
# You are now ready to run your client/server! Example command lines:
|
|
# server -n SampleSSLServerCert -p 8080 -d SampleCertDBs -w sample -c e -R
|
|
# client -n SampleSSLClientCert -p 8080 -d SampleCertDBs -w sample -c 2 trane.mcom.com
|