1*62c56f98SSadaf Ebrahimi#!/bin/sh 2*62c56f98SSadaf Ebrahimi# 3*62c56f98SSadaf Ebrahimi# Copyright The Mbed TLS Contributors 4*62c56f98SSadaf Ebrahimi# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 5*62c56f98SSadaf Ebrahimi 6*62c56f98SSadaf Ebrahimiset -eu 7*62c56f98SSadaf Ebrahimi 8*62c56f98SSadaf Ebrahimi: ${OPENSSL:=openssl} 9*62c56f98SSadaf EbrahimiNB=20 10*62c56f98SSadaf Ebrahimi 11*62c56f98SSadaf EbrahimiOPT="-days 3653 -sha256" 12*62c56f98SSadaf Ebrahimi 13*62c56f98SSadaf Ebrahimi# generate self-signed root 14*62c56f98SSadaf Ebrahimi$OPENSSL ecparam -name prime256v1 -genkey -out 00.key 15*62c56f98SSadaf Ebrahimi$OPENSSL req -new -x509 -subj "/C=UK/O=mbed TLS/CN=CA00" $OPT \ 16*62c56f98SSadaf Ebrahimi -key 00.key -out 00.crt 17*62c56f98SSadaf Ebrahimi 18*62c56f98SSadaf Ebrahimi# cXX.pem is the chain starting at XX 19*62c56f98SSadaf Ebrahimicp 00.crt c00.pem 20*62c56f98SSadaf Ebrahimi 21*62c56f98SSadaf Ebrahimi# generate long chain 22*62c56f98SSadaf Ebrahimii=1 23*62c56f98SSadaf Ebrahimiwhile [ $i -le $NB ]; do 24*62c56f98SSadaf Ebrahimi UP=$( printf "%02d" $((i-1)) ) 25*62c56f98SSadaf Ebrahimi ME=$( printf "%02d" $i ) 26*62c56f98SSadaf Ebrahimi 27*62c56f98SSadaf Ebrahimi $OPENSSL ecparam -name prime256v1 -genkey -out ${ME}.key 28*62c56f98SSadaf Ebrahimi $OPENSSL req -new -subj "/C=UK/O=mbed TLS/CN=CA${ME}" \ 29*62c56f98SSadaf Ebrahimi -key ${ME}.key -out ${ME}.csr 30*62c56f98SSadaf Ebrahimi $OPENSSL x509 -req -CA ${UP}.crt -CAkey ${UP}.key -set_serial 1 $OPT \ 31*62c56f98SSadaf Ebrahimi -extfile int.opensslconf -extensions int \ 32*62c56f98SSadaf Ebrahimi -in ${ME}.csr -out ${ME}.crt 33*62c56f98SSadaf Ebrahimi 34*62c56f98SSadaf Ebrahimi cat ${ME}.crt c${UP}.pem > c${ME}.pem 35*62c56f98SSadaf Ebrahimi 36*62c56f98SSadaf Ebrahimi rm ${ME}.csr 37*62c56f98SSadaf Ebrahimi i=$((i+1)) 38*62c56f98SSadaf Ebrahimidone 39