#!/bin/sh # # The contents of this file are subject to the Mozilla Public # License Version 1.1 (the "License"); you may not use this file # except in compliance with the License. You may obtain a copy of # the License at http://www.mozilla.org/MPL/ # # Software distributed under the License is distributed on an "AS # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or # implied. See the License for the specific language governing # rights and limitations under the License. # # The Original Code is the Netscape security libraries. # # The Initial Developer of the Original Code is Netscape # Communications Corporation. Portions created by Netscape are # Copyright (C) 1994-2000 Netscape Communications Corporation. All # Rights Reserved. # # Contributor(s): # # Alternatively, the contents of this file may be used under the # terms of the GNU General Public License Version 2 or later (the # "GPL"), in which case the provisions of the GPL are applicable # instead of those above. If you wish to allow use of your # version of this file only under the terms of the GPL and not to # allow others to use your version of this file under the MPL, # indicate your decision by deleting the provisions above and # replace them with the notice and other provisions required by # the GPL. If you do not delete the provisions above, a recipient # may use your version of this file under either the MPL or the # GPL. # # # Script to generate sample db files neccessary for SSL. # Directory for db's, use in all subsequent -d flags. rm -rf SampleCertDBs mkdir SampleCertDBs # Password to use. echo sample > passfile # Generate the db files, using the above password. certutil -N -d SampleCertDBs -f passfile # Generate the CA cert. This cert is self-signed and only useful for # test purposes. Set the trust bits to allow it to sign SSL client/server # certs. certutil -S -n SampleRootCA -x -t "CTu,CTu,CTu" \ -s "CN=My Sample Root CA, O=My Organization" \ -m 25000 -o ./SampleCertDBs/SampleRootCA.crt \ -d SampleCertDBs -f passfile # Generate the server cert. This cert is signed by the CA cert generated # above. The CN must be hostname.domain.[com|org|net|...]. certutil -S -n SampleSSLServerCert -c SampleRootCA -t "u,u,u" \ -s "CN=$HOSTNAME.$MYDOMAIN, O=$HOSTNAME Corp." \ -m 25001 -o ./SampleCertDBs/SampleSSLServer.crt \ -d SampleCertDBs -f passfile # Generate the client cert. This cert is signed by the CA cert generated # above. certutil -S -n SampleSSLClientCert -c SampleRootCA -t "u,u,u" \ -s "CN=My Client Cert, O=Client Organization" \ -m 25002 -o ./SampleCertDBs/SampleSSLClient.crt \ -d SampleCertDBs -f passfile # Verify the certificates. certutil -V -u V -n SampleSSLServerCert -d SampleCertDBs certutil -V -u C -n SampleSSLClientCert -d SampleCertDBs # Remove unneccessary files. rm -f passfile rm -f tempcert* # You are now ready to run your client/server! Example command lines: # server -n SampleSSLServerCert -p 8080 -d SampleCertDBs -w sample -c e -R # client -n SampleSSLClientCert -p 8080 -d SampleCertDBs -w sample -c 2 trane.mcom.com