|
39 | 39 | # aia/multi-aia-cert.pem |
40 | 40 | # aia/overflow-aia-cert.pem |
41 | 41 | # sia/timestamping-sia-cert.pem |
| 42 | +# tsa-cert.pem |
| 43 | +# tsa-cert.der |
| 44 | +# tsa-ecc-cert.pem |
| 45 | +# tsa-ecc-cert.der |
| 46 | +# tsa-bad-ku-cert.pem |
| 47 | +# tsa-bad-ku-cert.der |
| 48 | +# tsa-extra-eku-cert.pem |
| 49 | +# tsa-extra-eku-cert.der |
| 50 | +# tsa-chain-cert.pem |
| 51 | +# tsa-chain-cert.der |
| 52 | +# intermediate/ca-int-cert.der |
42 | 53 | # updates the following crls: |
43 | 54 | # crl/cliCrl.pem |
44 | 55 | # crl/crl.pem |
@@ -216,6 +227,118 @@ run_renewcerts(){ |
216 | 227 | echo "End of section" |
217 | 228 | echo "---------------------------------------------------------------------" |
218 | 229 |
|
| 230 | + ############################################################ |
| 231 | + ######## update the self-signed (2048-bit) tsa-cert.pem ### |
| 232 | + ############################################################ |
| 233 | + echo "Updating 2048-bit tsa-cert.pem" |
| 234 | + echo "" |
| 235 | + openssl req -new -key tsa-key.pem -config ./renewcerts/wolfssl.cnf -nodes -subj "/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=TSA-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com" -out tsa-cert.csr |
| 236 | + check_result $? "Step 1" |
| 237 | + |
| 238 | + openssl x509 -req -in tsa-cert.csr -days 1000 -extfile ./renewcerts/wolfssl.cnf -extensions tsa_cert -signkey tsa-key.pem -out tsa-cert.pem |
| 239 | + check_result $? "Step 2" |
| 240 | + rm tsa-cert.csr |
| 241 | + |
| 242 | + openssl x509 -in tsa-cert.pem -text > tmp.pem |
| 243 | + check_result $? "Step 3" |
| 244 | + mv tmp.pem tsa-cert.pem |
| 245 | + |
| 246 | + openssl x509 -in tsa-cert.pem -outform der -out tsa-cert.der |
| 247 | + check_result $? "Step 4" |
| 248 | + echo "End of section" |
| 249 | + echo "---------------------------------------------------------------------" |
| 250 | + |
| 251 | + ############################################################ |
| 252 | + ## update the intermediate-issued tsa-chain-cert.pem ###### |
| 253 | + ############################################################ |
| 254 | + echo "Updating 2048-bit tsa-chain-cert.pem" |
| 255 | + echo "" |
| 256 | + openssl req -new -key tsa-chain-key.pem -config ./renewcerts/wolfssl.cnf -nodes -subj "/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=TSA-chain-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com" -out tsa-chain-cert.csr |
| 257 | + check_result $? "Step 1" |
| 258 | + |
| 259 | + openssl x509 -req -in tsa-chain-cert.csr -days 1000 -extfile ./renewcerts/wolfssl.cnf -extensions tsa_cert -CA intermediate/ca-int-cert.pem -CAkey intermediate/ca-int-key.pem -CAcreateserial -out tsa-chain-cert.pem |
| 260 | + check_result $? "Step 2" |
| 261 | + rm tsa-chain-cert.csr |
| 262 | + rm -f intermediate/ca-int-cert.srl |
| 263 | + |
| 264 | + openssl x509 -in tsa-chain-cert.pem -text > tmp.pem |
| 265 | + check_result $? "Step 3" |
| 266 | + mv tmp.pem tsa-chain-cert.pem |
| 267 | + |
| 268 | + openssl x509 -in tsa-chain-cert.pem -outform der -out tsa-chain-cert.der |
| 269 | + check_result $? "Step 4" |
| 270 | + |
| 271 | + # DER of the issuing intermediate CA - consumed as a cert buffer |
| 272 | + # (certs_test.h) for the TSA chain verification test. Derived from the |
| 273 | + # existing PEM; not removed. |
| 274 | + openssl x509 -in intermediate/ca-int-cert.pem -outform der -out intermediate/ca-int-cert.der |
| 275 | + check_result $? "Step 5" |
| 276 | + echo "End of section" |
| 277 | + echo "---------------------------------------------------------------------" |
| 278 | + |
| 279 | + ############################################################ |
| 280 | + ########## update the self-signed tsa-ecc-cert.pem ######## |
| 281 | + ############################################################ |
| 282 | + echo "Updating tsa-ecc-cert.pem" |
| 283 | + echo "" |
| 284 | + openssl req -new -key tsa-ecc-key.pem -config ./renewcerts/wolfssl.cnf -nodes -subj "/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=TSA-ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com" -out tsa-ecc-cert.csr |
| 285 | + check_result $? "Step 1" |
| 286 | + |
| 287 | + openssl x509 -req -in tsa-ecc-cert.csr -days 1000 -extfile ./renewcerts/wolfssl.cnf -extensions tsa_cert -signkey tsa-ecc-key.pem -out tsa-ecc-cert.pem |
| 288 | + check_result $? "Step 2" |
| 289 | + rm tsa-ecc-cert.csr |
| 290 | + |
| 291 | + openssl x509 -in tsa-ecc-cert.pem -text > tmp.pem |
| 292 | + check_result $? "Step 3" |
| 293 | + mv tmp.pem tsa-ecc-cert.pem |
| 294 | + |
| 295 | + openssl x509 -in tsa-ecc-cert.pem -outform der -out tsa-ecc-cert.der |
| 296 | + check_result $? "Step 4" |
| 297 | + echo "End of section" |
| 298 | + echo "---------------------------------------------------------------------" |
| 299 | + |
| 300 | + ############################################################ |
| 301 | + ## update the self-signed (2048-bit) tsa-bad-ku-cert.pem ## |
| 302 | + ############################################################ |
| 303 | + echo "Updating 2048-bit tsa-bad-ku-cert.pem" |
| 304 | + echo "" |
| 305 | + openssl req -new -key tsa-key.pem -config ./renewcerts/wolfssl.cnf -nodes -subj "/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=TSA-bad-ku-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com" -out tsa-bad-ku-cert.csr |
| 306 | + check_result $? "Step 1" |
| 307 | + |
| 308 | + openssl x509 -req -in tsa-bad-ku-cert.csr -days 1000 -extfile ./renewcerts/wolfssl.cnf -extensions tsa_bad_ku_cert -signkey tsa-key.pem -out tsa-bad-ku-cert.pem |
| 309 | + check_result $? "Step 2" |
| 310 | + rm tsa-bad-ku-cert.csr |
| 311 | + |
| 312 | + openssl x509 -in tsa-bad-ku-cert.pem -text > tmp.pem |
| 313 | + check_result $? "Step 3" |
| 314 | + mv tmp.pem tsa-bad-ku-cert.pem |
| 315 | + |
| 316 | + openssl x509 -in tsa-bad-ku-cert.pem -outform der -out tsa-bad-ku-cert.der |
| 317 | + check_result $? "Step 4" |
| 318 | + echo "End of section" |
| 319 | + echo "---------------------------------------------------------------------" |
| 320 | + |
| 321 | + ############################################################### |
| 322 | + ## update the self-signed (2048-bit) tsa-extra-eku-cert.pem ## |
| 323 | + ############################################################### |
| 324 | + echo "Updating 2048-bit tsa-extra-eku-cert.pem" |
| 325 | + echo "" |
| 326 | + openssl req -new -key tsa-key.pem -config ./renewcerts/wolfssl.cnf -nodes -subj "/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=TSA-extra-eku-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com" -out tsa-extra-eku-cert.csr |
| 327 | + check_result $? "Step 1" |
| 328 | + |
| 329 | + openssl x509 -req -in tsa-extra-eku-cert.csr -days 1000 -extfile ./renewcerts/wolfssl.cnf -extensions tsa_extra_eku_cert -signkey tsa-key.pem -out tsa-extra-eku-cert.pem |
| 330 | + check_result $? "Step 2" |
| 331 | + rm tsa-extra-eku-cert.csr |
| 332 | + |
| 333 | + openssl x509 -in tsa-extra-eku-cert.pem -text > tmp.pem |
| 334 | + check_result $? "Step 3" |
| 335 | + mv tmp.pem tsa-extra-eku-cert.pem |
| 336 | + |
| 337 | + openssl x509 -in tsa-extra-eku-cert.pem -outform der -out tsa-extra-eku-cert.der |
| 338 | + check_result $? "Step 4" |
| 339 | + echo "End of section" |
| 340 | + echo "---------------------------------------------------------------------" |
| 341 | + |
219 | 342 | ############################################################ |
220 | 343 | #### update the self-signed (1024-bit) client-cert.pem ##### |
221 | 344 | ############################################################ |
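Review bot: The tsa-bad-ku-cert and tsa-extra-eku-cert sections (new lines 300–340) carry the same "update the self-signed" banner as the valid TSA certs, so nothing in the script tells a maintainer that these two are deliberately non-conformant fixtures. RFC 3161 requires a TSA certificate to carry a critical extended key usage holding only id-kp-timeStamping, and the `tsa_bad_ku_cert` and `tsa_extra_eku_cert` extension sections presumably break the key-usage and EKU expectations on purpose (wolfssl.cnf is not shown here, so confirm). I would add a comment above each, e.g. `# Negative-test fixture: issued with tsa_bad_ku_cert so TSA certificate checks can be shown to reject it; not a valid TSA cert.`, with the matching line for `tsa_extra_eku_cert`. Both also reuse tsa-key.pem, the key behind the good tsa-cert.pem, which is worth stating in the same comment so that a test selecting the signer by key rather than by certificate does not pass or fail for the wrong reason. run_renewcerts begins and ends outside this hunk.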
|