gen-test-certs.sh 1.8 KB

#!/bin/bash

# Generate some test certificates which are used by the regression test suite:
#
#   tests/tls/ca.{crt,key}          Self signed CA certificate.
#   tests/tls/redis.{crt,key}       A certificate with no key usage/policy restrictions.
#   tests/tls/client.{crt,key}      A certificate restricted for SSL client usage.
#   tests/tls/server.{crt,key}      A certificate restricted for SSL server usage.
#   tests/tls/redis.dh              DH Params file.
#
# The private keys are written unencrypted and are meant for the test suite only.
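#######################################
# Issue a certificate signed by the test CA in tests/tls/.
#
# An existing tests/tls/<name>.key is reused; otherwise a 2048-bit RSA key is
# generated. A CSR for "/O=Redis Test/CN=<cn>" is piped straight into
# `openssl x509 -req`, which signs it with tests/tls/ca.{crt,key} for 365 days
# and writes tests/tls/<name>.crt.
#
# Arguments:
#   $1 - base name of the key/certificate pair (file name under tests/tls/)
#   $2 - Common Name placed in the certificate subject
#   $3 - optional extra `openssl x509` options, as one space-separated string
# Returns:
#   non-zero if key generation fails, otherwise the status of `openssl x509`
#######################################
generate_cert() {
  local name=$1
  local cn=$2
  # Default to empty so the two-argument call form also works under `set -u`.
  local opts=${3:-}
  local keyfile="tests/tls/${name}.key"
  local certfile="tests/tls/${name}.crt"

  if [ ! -f "$keyfile" ]; then
    # Create the key under a restrictive umask so the private key is not
    # readable by other local users, whatever the caller's umask is. Stop here
    # on failure instead of asking openssl to sign with a key that is missing.
    (umask 077 && openssl genrsa -out "$keyfile" 2048) || return
  fi

  # $opts is left unquoted on purpose: it carries several options in a single
  # string and has to be word-split. Every path is quoted.
  # shellcheck disable=SC2086
  openssl req \
    -new -sha256 \
    -subj "/O=Redis Test/CN=$cn" \
    -key "$keyfile" |
    openssl x509 \
      -req -sha256 \
      -CA tests/tls/ca.crt \
      -CAkey tests/tls/ca.key \
      -CAserial tests/tls/ca.txt \
      -CAcreateserial \
      -days 365 \
      $opts \
      -out "$certfile"
}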
  30. mkdir -p tests/tls
  31. [ -f tests/tls/ca.key ] || openssl genrsa -out tests/tls/ca.key 4096
  32. openssl req \
  33. -x509 -new -nodes -sha256 \
  34. -key tests/tls/ca.key \
  35. -days 3650 \
  36. -subj '/O=Redis Test/CN=Certificate Authority' \
  37. -out tests/tls/ca.crt
  38. cat > tests/tls/openssl.cnf <<_END_
  39. [ server_cert ]
  40. keyUsage = digitalSignature, keyEncipherment
  41. nsCertType = server
  42. [ client_cert ]
  43. keyUsage = digitalSignature, keyEncipherment
  44. nsCertType = client
  45. _END_
  46. generate_cert server "Server-only" "-extfile tests/tls/openssl.cnf -extensions server_cert"
  47. generate_cert client "Client-only" "-extfile tests/tls/openssl.cnf -extensions client_cert"
  48. generate_cert redis "Generic-cert"
  49. [ -f tests/tls/redis.dh ] || openssl dhparam -out tests/tls/redis.dh 2048