1#!/bin/sh 2 3# Copyright 2015 The Chromium Authors 4# Use of this source code is governed by a BSD-style license that can be 5# found in the LICENSE file. 6 7# This script generates a CA and leaf cert which can be used for the 8# quic_server. 9 10try() { 11 "$@" || (e=$?; echo "$@" > /dev/stderr; exit $e) 12} 13 14try rm -rf out 15try mkdir out 16 17try /bin/sh -c "echo 01 > out/2048-sha256-root-serial" 18touch out/2048-sha256-root-index.txt 19 20# Generate the key. 21try openssl genrsa -out out/2048-sha256-root.key 2048 22 23# Generate the root certificate. 24try openssl req \ 25 -new \ 26 -key out/2048-sha256-root.key \ 27 -out out/2048-sha256-root.req \ 28 -config ca.cnf 29 30try openssl x509 \ 31 -req -days 3 \ 32 -in out/2048-sha256-root.req \ 33 -signkey out/2048-sha256-root.key \ 34 -extfile ca.cnf \ 35 -extensions ca_cert \ 36 -text > out/2048-sha256-root.pem 37 38# Generate the leaf certificate request. 39try openssl req \ 40 -new \ 41 -keyout out/leaf_cert.key \ 42 -out out/leaf_cert.req \ 43 -config leaf.cnf 44 45# Convert the key to pkcs8. 46try openssl pkcs8 \ 47 -topk8 \ 48 -outform DER \ 49 -inform PEM \ 50 -in out/leaf_cert.key \ 51 -out out/leaf_cert.pkcs8 \ 52 -nocrypt 53 54# Generate the leaf certificate to be valid for three days. 55try openssl ca \ 56 -batch \ 57 -days 3 \ 58 -extensions user_cert \ 59 -in out/leaf_cert.req \ 60 -out out/leaf_cert.pem \ 61 -config ca.cnf 62