certificates-update 3.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100
  1. #! /bin/sh
  2. #
  3. # Generate agent.pem
  4. #
  5. # Copyright (C) 2007 Nokia Corporation
  6. #
  7. # Author: Pekka Pessi
  8. # Based on Mikko Haataja's perl script
  9. #
  10. CN='C=FI, L=Helsinki, O=sofia-sip, CN=tport test'
  11. ALTNAME=DNS:tport-test.sofia-sip.org
  12. #ALTNAME=URI:sips:tport-test.sofia-sip.org
  13. DAYS=730
  14. umask 077
  15. T=${TMPDIR:-/tmp}/sofia-sip-certs-${USER}-$$-`date +%N`
  16. CA=${T}/CA
  17. mkdir $T || exit 1
  18. mkdir $T/CA || exit 1
  19. cat > $CA/cakey.pem <<EOF
  20. -----BEGIN RSA PRIVATE KEY-----
  21. Proc-Type: 4,ENCRYPTED
  22. DEK-Info: DES-EDE3-CBC,4B47A0A73ADE342E
  23. aHmlPa+ZrOV6v+Jk0SClxzpxoG3j0ZuyoVkF9rzq2bZkzVBKLU6xhWwjMDqwA8dH
  24. 3fCRLhMGIUVnmymXYhTW9svI1gpFxMBQHJcKpV/SmgFn/fbYk98Smo2izHOniIiu
  25. NOu2zr+bMiaBphOAZ/OCtVUxUOoBDKN9lR39UCDOgkEQzp9Vbw7l736yu5H9GMHP
  26. JtGLJyx3RhS3TvLfLAJZhjm/wZ/9QM8GjyJEiDhMQRJVeIZGvv4Yr1u6yYHiHfjX
  27. tX2eds8Luc83HbSvjAyjnkLtJsAZ/8cFzrd7pjFzbogLdWuil+kpkkf5h1uzh7oa
  28. um0M1EXBE4tcDHsfg1iqEsDMIei/U+/rWfk1PrzYlklwZp8S03vulkDm1fT76W7d
  29. mRBg4+CrHA6qYn6EPWB37OBtfEqAfINnIcI1dWzso9A0bTPD4EJO0JA0PcZ/2JgT
  30. PaKySgooHQ8AHNQebelch6M5LFExpaOADJKrqauKcc2HeUxXaYIpac5/7drIl3io
  31. UloqUnMlGa3eLP7BZIMsZKCfHZ8oqwU4g6mmmJath2gODRDx3mfhH6yaimDL7v4i
  32. SAIIkrEHXfSyovrTJymfSfQtYxUraVZDqax6oj/eGllRxliGfMLYG9ceU+yU/8FN
  33. LE7P+Cs19H5tHHzx1LlieaK43u/XvbXHlB5mqL/fZdkUIBJsjbBVx0HR8eQl2CH9
  34. YJDMOPLADecwHoyKA0AY59oN9d41oF7yZtN9KwNdslROYH7mNJlqMMenhXCLN+Nz
  35. vVU5/7/ugZFhZqfS46c1WdmSvuqpDp7TBtMeaH/PXjysBr0iZffOxQ==
  36. -----END RSA PRIVATE KEY-----
  37. EOF
  38. cat > $CA/cacert.pem <<EOF
  39. -----BEGIN CERTIFICATE-----
  40. MIIDJDCCAo2gAwIBAgIBADANBgkqhkiG9w0BAQUFADBwMQswCQYDVQQGEwJVUzET
  41. MBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAMBgNVBAoT
  42. BXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0
  43. eTAeFw0wMzA3MTgxMjIxNTJaFw0xMzA3MTUxMjIxNTJaMHAxCzAJBgNVBAYTAlVT
  44. MRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm9zZTEOMAwGA1UE
  45. ChMFc2lwaXQxKTAnBgNVBAsTIFNpcGl0IFRlc3QgQ2VydGlmaWNhdGUgQXV0aG9y
  46. aXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDIh6DkcUDLDyK9BEUxkud
  47. +nJ4xrCVGKfgjHm6XaSuHiEtnfELHM+9WymzkBNzZpJu30yzsxwfKoIKugdNUrD4
  48. N3viCicwcN35LgP/KnbN34cavXHr4ZlqxH+OdKB3hQTpQa38A7YXdaoz6goW2ft5
  49. Mi74z03GNKP/G9BoKOGd5QIDAQABo4HNMIHKMB0GA1UdDgQWBBRrRhcU6pR2JYBU
  50. bhNU2qHjVBShtjCBmgYDVR0jBIGSMIGPgBRrRhcU6pR2JYBUbhNU2qHjVBShtqF0
  51. pHIwcDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcT
  52. CFNhbiBKb3NlMQ4wDAYDVQQKEwVzaXBpdDEpMCcGA1UECxMgU2lwaXQgVGVzdCBD
  53. ZXJ0aWZpY2F0ZSBBdXRob3JpdHmCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
  54. AQUFAAOBgQCWbRvv1ZGTRXxbH8/EqkdSCzSoUPrs+rQqR0xdQac9wNY/nlZbkR3O
  55. qAezG6Sfmklvf+DOg5RxQq/+Y6I03LRepc7KeVDpaplMFGnpfKsibETMipwzayNQ
  56. QgUf4cKBiF+65Ue7hZuDJa2EMv8qW4twEhGDYclpFU9YozyS1OhvUg==
  57. -----END CERTIFICATE-----
  58. EOF
  59. cat > $T/a.cnf <<EOF
  60. [ req ]
  61. default_bits = 1024
  62. prompt = no
  63. distinguished_name = req_dn
  64. [ req_dn ]
  65. commonName = $CN
  66. [ ext ]
  67. basicConstraints=CA:FALSE
  68. subjectKeyIdentifier=hash
  69. authorityKeyIdentifier=keyid,issuer:always
  70. subjectAltName=$ALTNAME
  71. #keyUsage=digitalSignature:TRUE,keyEncipherment:TRUE
  72. EOF
  73. cat $T/a.cnf
  74. openssl req -new -out $T/a_req.pem -newkey rsa:1024 -keyout $T/a_key.pem \
  75. -sha1 -config $T/a.cnf -days $DAYS -nodes
  76. openssl x509 -req -in $T/a_req.pem -sha1 \
  77. -extensions ext -extfile $T/a.cnf \
  78. -CA $CA/cacert.pem -CAkey $CA/cakey.pem \
  79. -passin pass:password \
  80. -CAcreateserial \
  81. -days $DAYS \
  82. -out $T/a_cert.pem
  83. cat $T/a_cert.pem $T/a_key.pem
  84. rm $CA/* && rmdir $CA && rm $T/* && rmdir $T