From: Joni Hahkala Date: Wed, 2 Aug 2006 17:09:21 +0000 (+0000) Subject: add certificates with serialnumber and emailaddress in the DN. X-Git-Tag: glite-security-test-utils_R_1_6_0~3 X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=84c42b88d5523e989f806550848aa0b4b1ef51f2;p=glite-security-test-utils.git add certificates with serialnumber and emailaddress in the DN. --- diff --git a/bin/generate-test-certificates.sh b/bin/generate-test-certificates.sh index dd9d712..81555c7 100755 --- a/bin/generate-test-certificates.sh +++ b/bin/generate-test-certificates.sh @@ -48,8 +48,24 @@ function create_cert { # next new certificate... - CMD="openssl req -out $filebase.req -newkey rsa:$bits -new -keyout $filebase.priv -config $REQ_CONFIG_FILE" - echo $CMD; $CMD; + case $flags in + clientserial) + echo serial cert $flags + flags="client" + CMD="openssl req -out $filebase.req -newkey rsa:$bits -new -keyout $filebase.priv -config $REQ_CONFIG_FILE_SERIAL" + echo $CMD; $CMD; + ;; + clientemail) + echo email cert $flags + flags="client" + CMD="openssl req -out $filebase.req -newkey rsa:$bits -new -keyout $filebase.priv -config $REQ_CONFIG_FILE_EMAIL" + echo $CMD; $CMD; + ;; + *) + echo normal cert $flags + CMD="openssl req -out $filebase.req -newkey rsa:$bits -new -keyout $filebase.priv -config $REQ_CONFIG_FILE" + echo $CMD; $CMD; + esac case $flags in client|server|clientserver|fclient|none) @@ -429,7 +445,7 @@ function create_all { # i=0; # let "i += 1"; echo "State : $i"; cat ${CA_DIR}/serial_proxy.txt; echo; - ls -l ${CA_DIR}/. + # ls -l ${CA_DIR}/. create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS 
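Review bot: None of the three `openssl req` calls in the new `case $flags` block has its exit status checked, so if `$REQ_CONFIG_FILE_SERIAL` or `$REQ_CONFIG_FILE_EMAIL` is missing or unreadable for a CA directory, create_cert presumably carries on with whatever `$filebase.req` and `$filebase.priv` are already on disk. The `create_cert_proxy` calls added in the `@@ -443` hunk would then build proxies on top of that result. The three arms also repeat one command that differs only in the config file, and the `*)` arm is the only one without `;;`. I would pick the config in the `case`, run openssl once and stop on failure, as sketched below. Whether `return 1` suits the callers cannot be judged here, since create_cert starts and ends outside the hunk.

```shell
    req_config=$REQ_CONFIG_FILE
    case $flags in
        clientserial)
            echo serial cert $flags
            req_config=$REQ_CONFIG_FILE_SERIAL
            flags="client"
            ;;
        clientemail)
            echo email cert $flags
            req_config=$REQ_CONFIG_FILE_EMAIL
            flags="client"
            ;;
        *)
            echo normal cert $flags
            ;;
    esac
    CMD="openssl req -out $filebase.req -newkey rsa:$bits -new -keyout $filebase.priv -config $req_config"
    echo $CMD
    $CMD || { echo "openssl req failed for $filebase" >&2; return 1; }
    # … unchanged: second case $flags in client|server|clientserver|fclient|none) …
```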
@@ -443,6 +459,24 @@ function create_all { # let "i += 1"; echo "State : $i"; cat ${CA_DIR}/serial_proxy.txt; echo; create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy_exp "expired proxy" -1 proxy_exp + TYPE="clientserial" + CTYPE="client serial" + + create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" 1 + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "expired proxy" -1 + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" 1 proxy + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy_exp "expired proxy" -1 proxy_exp + + TYPE="clientemail" + CTYPE="client email" + + create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" 1 + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "expired proxy" -1 + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" 1 proxy + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy_exp "expired proxy" -1 proxy_exp + TYPE="fclient" CTYPE="flag client" @@ -706,6 +740,8 @@ for catype in $CATYPES; do export CA_CONF=$CA_DIR/ca_conf.cnf export CA_PROXY_CONF=$CA_DIR/ca_proxy_conf.cnf export REQ_CONFIG_FILE=$CA_DIR/req_conf.cnf + export REQ_CONFIG_FILE_SERIAL=$CA_DIR/req_conf_sn.cnf + export REQ_CONFIG_FILE_EMAIL=$CA_DIR/req_conf_email.cnf export REQ_PROXY_CONFIG_FILE=$CA_DIR/req_proxy_conf.cnf export REQ_PROXY_PROXY_CONFIG_FILE=$CA_DIR/req_proxy_proxy_conf.cnf export PROXY_BITS=512 diff --git a/test/big-ca/req_conf_email.cnf b/test/big-ca/req_conf_email.cnf new file mode 100644 index 0000000..fdcd280 --- /dev/null +++ b/test/big-ca/req_conf_email.cnf 
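Review bot: `REQ_CONFIG_FILE_SERIAL` and `REQ_CONFIG_FILE_EMAIL` are exported for every entry of `$CATYPES`, but nothing in the `@@ -706` hunk checks that the two files exist in `$CA_DIR`, and this commit adds them only under big-ca, expired-ca, fake-ca and trusted-ca. If `$CATYPES` holds any other CA type (its value is outside the hunk), the clientserial and clientemail requests for it would fail at `openssl req`. A fail-fast check right after the exports would make that visible: `[ -r "$REQ_CONFIG_FILE_SERIAL" ] && [ -r "$REQ_CONFIG_FILE_EMAIL" ] || { echo "missing request config in $CA_DIR" >&2; exit 1; }`. The `for catype` loop body continues outside the hunk.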
@@ -0,0 +1,33 @@
+[ req ]
+default_bits = $ENV::BITS
+default_keyfile = keyfile.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+prompt = no
+output_password = $ENV::PASSWORD
+ca_cert = CA_cert
+
+[ req_distinguished_name ]
+countryName = UG
+
+#stateOrProvinceName = South area
+
+localityName = Tropic
+
+organizationName = Utopia
+
+organizationalUnitName = Relaxation
+
+commonName = $ENV::CN
+
+emailAddress = test@home.org
+
+[ req_attributes ]
+#challengePassword = $ENV::PASSWORD
+
+[ CA_cert ]
+basicConstraints = CA:true
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_none ]
diff --git a/test/big-ca/req_conf_sn.cnf b/test/big-ca/req_conf_sn.cnf
new file mode 100644
index 0000000..8eb3308
--- /dev/null
+++ b/test/big-ca/req_conf_sn.cnf
@@ -0,0 +1,35 @@
+[ req ]
+default_bits = $ENV::BITS
+default_keyfile = keyfile.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+prompt = no
+output_password = $ENV::PASSWORD
+ca_cert = CA_cert
+
+[ req_distinguished_name ]
+countryName = UG
+
+#stateOrProvinceName = South area
+
+localityName = Tropic
+
+organizationName = Utopia
+
+organizationalUnitName = Relaxation
+
+commonName = $ENV::CN
+
+#emailAddress = Email Address
+
+serialNumber = 12341324
+
+[ req_attributes ]
+#challengePassword = $ENV::PASSWORD
+
+[ CA_cert ]
+basicConstraints = CA:true
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_none ]
diff --git a/test/expired-ca/req_conf_email.cnf b/test/expired-ca/req_conf_email.cnf
new file mode 100644
index 0000000..fdcd280
--- /dev/null
+++ b/test/expired-ca/req_conf_email.cnf
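Review bot: `emailAddress = test@home.org` in big-ca/req_conf_email.cnf puts an address under a registrable domain into every generated test certificate; a reserved name such as `emailAddress = test@example.org` (RFC 2606) keeps the fixtures from pointing at a mailbox someone may actually own. The same line is in the expired-ca, fake-ca and trusted-ca copies of req_conf_email.cnf, which share blob fdcd280, so all four would change together. Any test that compares the full subject DN string would need the same update.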
@@ -0,0 +1,33 @@
+[ req ]
+default_bits = $ENV::BITS
+default_keyfile = keyfile.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+prompt = no
+output_password = $ENV::PASSWORD
+ca_cert = CA_cert
+
+[ req_distinguished_name ]
+countryName = UG
+
+#stateOrProvinceName = South area
+
+localityName = Tropic
+
+organizationName = Utopia
+
+organizationalUnitName = Relaxation
+
+commonName = $ENV::CN
+
+emailAddress = test@home.org
+
+[ req_attributes ]
+#challengePassword = $ENV::PASSWORD
+
+[ CA_cert ]
+basicConstraints = CA:true
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_none ]
diff --git a/test/expired-ca/req_conf_sn.cnf b/test/expired-ca/req_conf_sn.cnf
new file mode 100644
index 0000000..8eb3308
--- /dev/null
+++ b/test/expired-ca/req_conf_sn.cnf
@@ -0,0 +1,35 @@
+[ req ]
+default_bits = $ENV::BITS
+default_keyfile = keyfile.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+prompt = no
+output_password = $ENV::PASSWORD
+ca_cert = CA_cert
+
+[ req_distinguished_name ]
+countryName = UG
+
+#stateOrProvinceName = South area
+
+localityName = Tropic
+
+organizationName = Utopia
+
+organizationalUnitName = Relaxation
+
+commonName = $ENV::CN
+
+#emailAddress = Email Address
+
+serialNumber = 12341324
+
+[ req_attributes ]
+#challengePassword = $ENV::PASSWORD
+
+[ CA_cert ]
+basicConstraints = CA:true
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_none ]
diff --git a/test/fake-ca/req_conf_email.cnf b/test/fake-ca/req_conf_email.cnf
new file mode 100644
index 0000000..fdcd280
--- /dev/null
+++ b/test/fake-ca/req_conf_email.cnf
@@ -0,0 +1,33 @@ +[ req ] +default_bits = $ENV::BITS +default_keyfile = keyfile.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +prompt = no +output_password = $ENV::PASSWORD +ca_cert = CA_cert + +[ req_distinguished_name ] +countryName = UG + +#stateOrProvinceName = South area + +localityName = Tropic + +organizationName = Utopia + +organizationalUnitName = Relaxation + +commonName = $ENV::CN + +emailAddress = test@home.org + +[ req_attributes ] +#challengePassword = $ENV::PASSWORD + +[ CA_cert ] +basicConstraints = CA:true +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always + +[ proxy_none ] diff --git a/test/fake-ca/req_conf_sn.cnf b/test/fake-ca/req_conf_sn.cnf new file mode 100644 index 0000000..8eb3308 --- /dev/null +++ b/test/fake-ca/req_conf_sn.cnf @@ -0,0 +1,35 @@ +[ req ] +default_bits = $ENV::BITS +default_keyfile = keyfile.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +prompt = no +output_password = $ENV::PASSWORD +ca_cert = CA_cert + +[ req_distinguished_name ] +countryName = UG + +#stateOrProvinceName = South area + +localityName = Tropic + +organizationName = Utopia + +organizationalUnitName = Relaxation + +commonName = $ENV::CN + +#emailAddress = Email Address + +serialNumber = 12341324 + +[ req_attributes ] +#challengePassword = $ENV::PASSWORD + +[ CA_cert ] +basicConstraints = CA:true +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always + +[ proxy_none ] diff --git a/test/trusted-ca/ca_conf.cnf b/test/trusted-ca/ca_conf.cnf index 42d548d..7ae8401 100644 --- a/test/trusted-ca/ca_conf.cnf +++ b/test/trusted-ca/ca_conf.cnf @@ -20,6 +20,7 @@ organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional +serialNumber = optional [ ca_cert ] basicConstraints=CA:TRUE diff --git a/test/trusted-ca/req_conf_email.cnf b/test/trusted-ca/req_conf_email.cnf new file mode 100644 index 0000000..fdcd280 
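Review bot: `serialNumber = optional` is added to the policy in trusted-ca/ca_conf.cnf only, while the commit adds req_conf_sn.cnf for big-ca, expired-ca and fake-ca as well. `openssl ca` silently drops subject fields that the policy section does not list (unless the DN is preserved), so unless those three ca_conf.cnf files already carry the entry, their clientserial certificates would be issued without the serialNumber the test is meant to exercise. I would add the same `serialNumber = optional` line to the other three policies, or confirm the issued subjects with `openssl x509 -noout -subject`. The policy section starts above the hunk, so its name and remaining fields are not visible here.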
--- /dev/null
+++ b/test/trusted-ca/req_conf_email.cnf
@@ -0,0 +1,33 @@
+[ req ]
+default_bits = $ENV::BITS
+default_keyfile = keyfile.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+prompt = no
+output_password = $ENV::PASSWORD
+ca_cert = CA_cert
+
+[ req_distinguished_name ]
+countryName = UG
+
+#stateOrProvinceName = South area
+
+localityName = Tropic
+
+organizationName = Utopia
+
+organizationalUnitName = Relaxation
+
+commonName = $ENV::CN
+
+emailAddress = test@home.org
+
+[ req_attributes ]
+#challengePassword = $ENV::PASSWORD
+
+[ CA_cert ]
+basicConstraints = CA:true
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_none ]
diff --git a/test/trusted-ca/req_conf_sn.cnf b/test/trusted-ca/req_conf_sn.cnf
new file mode 100644
index 0000000..99e8218
--- /dev/null
+++ b/test/trusted-ca/req_conf_sn.cnf
@@ -0,0 +1,35 @@
+[ req ]
+default_bits = $ENV::BITS
+default_keyfile = keyfile.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+prompt = no
+output_password = $ENV::PASSWORD
+ca_cert = CA_cert
+
+[ req_distinguished_name ]
+countryName = UK
+
+#stateOrProvinceName = South area
+
+localityName = Tropic
+
+organizationName = Utopia
+
+organizationalUnitName = Relaxation
+
+commonName = $ENV::CN
+
+#emailAddress = Email Address
+
+serialNumber = 12341324
+
+[ req_attributes ]
+#challengePassword = $ENV::PASSWORD
+
+[ CA_cert ]
+basicConstraints = CA:true
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_none ]
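Review bot: `countryName = UK` in trusted-ca/req_conf_sn.cnf differs from `countryName = UG` in the trusted-ca req_conf_email.cnf just above and in the other three req_conf_sn.cnf copies (blob 99e8218 against 8eb3308). If the difference is not intended, the line should read `countryName = UG`. If the trusted-ca policy sets countryName to `match` (that part of ca_conf.cnf is not visible in this commit), signing the clientserial request would succeed or fail depending on the CA's own country. If it is intended, a one-line comment such as `# country differs from the other CAs on purpose` would say so.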