#!/bin/sh # # ***** BEGIN LICENSE BLOCK ***** # Version: MPL 1.1/GPL 2.0/LGPL 2.1 # # The contents of this file are subject to the Mozilla Public License Version # 1.1 (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at # http://www.mozilla.org/MPL/ # # Software distributed under the License is distributed on an "AS IS" basis, # WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License # for the specific language governing rights and limitations under the # License. # # The Original Code is the Netscape security libraries. # # The Initial Developer of the Original Code is # Netscape Communications Corporation. # Portions created by the Initial Developer are Copyright (C) 1994-2000 # the Initial Developer. All Rights Reserved. # # Contributor(s): # # Alternatively, the contents of this file may be used under the terms of # either the GNU General Public License Version 2 or later (the "GPL"), or # the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), # in which case the provisions of the GPL or the LGPL are applicable instead # of those above. If you wish to allow use of your version of this file only # under the terms of either the GPL or the LGPL, and not to allow others to # use your version of this file under the terms of the MPL, indicate your # decision by deleting the provisions above and replace them with the notice # and other provisions required by the GPL or the LGPL. If you do not delete # the provisions above, a recipient may use your version of this file under # the terms of any one of the MPL, the GPL or the LGPL. # # ***** END LICENSE BLOCK ***** # Directory for db's, use in all subsequent -d flags. rm -rf SampleCertDBs mkdir SampleCertDBs # Password to use. echo sample > passfile # Generate the db files, using the above password. certutil -N -d SampleCertDBs -f passfile # Generate the CA cert. This cert is self-signed and only useful for # test purposes. Set the trust bits to allow it to sign SSL client/server # certs. certutil -S -n SampleRootCA -x -t "CTu,CTu,CTu" \ -s "CN=My Sample Root CA, O=My Organization" \ -m 25000 -o ./SampleCertDBs/SampleRootCA.crt \ -d SampleCertDBs -f passfile # Generate the server cert. This cert is signed by the CA cert generated # above. The CN must be hostname.domain.[com|org|net|...]. certutil -S -n SampleSSLServerCert -c SampleRootCA -t "u,u,u" \ -s "CN=$HOSTNAME.$MYDOMAIN, O=$HOSTNAME Corp." \ -m 25001 -o ./SampleCertDBs/SampleSSLServer.crt \ -d SampleCertDBs -f passfile # Generate the client cert. This cert is signed by the CA cert generated # above. certutil -S -n SampleSSLClientCert -c SampleRootCA -t "u,u,u" \ -s "CN=My Client Cert, O=Client Organization" \ -m 25002 -o ./SampleCertDBs/SampleSSLClient.crt \ -d SampleCertDBs -f passfile # Verify the certificates. certutil -V -u V -n SampleSSLServerCert -d SampleCertDBs certutil -V -u C -n SampleSSLClientCert -d SampleCertDBs # Remove unneccessary files. rm -f passfile rm -f tempcert* # You are now ready to run your client/server! Example command lines: # server -n SampleSSLServerCert -p 8080 -d SampleCertDBs -w sample -c e -R # client -n SampleSSLClientCert -p 8080 -d SampleCertDBs -w sample -c 2 trane.mcom.com