Last active
August 28, 2017 16:44
ECC Test CA
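@rem Batch file creates 3 P12 keystores (server-both, server-sign, server-exch)
@rem with ECC certificates (intermediate + root in chain).
@rem A fourth certificate, server-all.crt, is issued but never exported to a P12.
@rem
@rem TEST MATERIAL ONLY: every private key is written unencrypted and the P12
@rem password is hard-coded below. Do not trust this CA outside a test setup.
@rem
@rem CAUTION: the del commands below remove every matching file in the current
@rem directory, so run this only inside a dedicated scratch directory.
@del *.pem
@del *.csr
@del *.crt
@del *.p12
@rem -param_enc explicit not possible with Win 7
@rem Quoted form keeps stray trailing blanks out of the certificate subject.
set "NAME=ECC Test"
@rem #
@rem # Root
@rem #
@rem -days takes a plain number of days. The former 10y and 5y values are not
@rem valid integers; depending on the OpenSSL version they are either rejected
@rem or read as 10 and 5 days. 3650 and 1825 days give the intended lifetimes.
openssl ecparam -name secp384r1 -genkey -out root-priv-key.pem
openssl req -new -x509 -sha384 -key root-priv-key.pem -out root.crt -days 3650 -subj "/CN=%NAME% RootCA/C=DE"
@rem #
@rem # Intermediate
@rem #
@rem NOTE(review): inter.crt is signed without -extfile, so it carries no
@rem basicConstraints CA:TRUE and no keyCertSign key usage. Verifiers that
@rem enforce CA constraints may reject the chain; consider issuing it with a
@rem CA extension section. Confirm against the clients under test.
@rem
@rem -sha384 is repeated on every x509 -req call: the digest given to req only
@rem signs the CSR, while the signature on the issued certificate is produced
@rem by the signing command, whose default digest depends on the OpenSSL version.
openssl ecparam -name secp384r1 -genkey -out inter-priv-key.pem
openssl req -new -sha384 -key inter-priv-key.pem -out inter.csr -subj "/CN=%NAME% ServerCA/C=DE"
openssl x509 -req -sha384 -days 1825 -in inter.csr -CA root.crt -CAkey root-priv-key.pem -CAcreateserial -out inter.crt
@rem #
@rem # Server All
@rem #
@rem One P-256 key (server-priv-key.pem) is shared by all four server
@rem certificates; only the keyUsage extension differs between them.
@rem -days is dropped from the req calls below: without -x509 a CSR has no
@rem validity period, the lifetime is set by x509 -req -days 10.
openssl ecparam -name secp256r1 -genkey -out server-priv-key.pem
openssl req -new -sha384 -key server-priv-key.pem -out server-all.csr -subj "/CN=localhost"
openssl x509 -req -sha384 -days 10 -in server-all.csr -CA inter.crt -CAkey inter-priv-key.pem -CAcreateserial -out server-all.crt -extensions server-all -extfile server.cnf
@rem #
@rem # Server Both
@rem #
openssl req -new -sha384 -key server-priv-key.pem -out server-both.csr -subj "/CN=localhost"
openssl x509 -req -sha384 -days 10 -in server-both.csr -CA inter.crt -CAkey inter-priv-key.pem -CAcreateserial -out server-both.crt -extensions server-both -extfile server.cnf
@rem #
@rem # Server Sign
@rem #
openssl req -new -sha384 -key server-priv-key.pem -out server-sign.csr -subj "/CN=localhost"
openssl x509 -req -sha384 -days 10 -in server-sign.csr -CA inter.crt -CAkey inter-priv-key.pem -CAcreateserial -out server-sign.crt -extensions server-sign -extfile server.cnf
@rem #
@rem # Server Exch
@rem #
openssl req -new -sha384 -key server-priv-key.pem -out server-exch.csr -subj "/CN=localhost"
openssl x509 -req -sha384 -days 10 -in server-exch.csr -CA inter.crt -CAkey inter-priv-key.pem -CAcreateserial -out server-exch.crt -extensions server-exch -extfile server.cnf
@rem #
@rem # P12 export
@rem #
@rem chain.crt holds root + intermediate so that pkcs12 -chain can build the
@rem full path into each keystore.
type root.crt inter.crt > chain.crt
@rem Hard-coded test password, also visible on the command line of each call.
@set "PASS=pass:testtest"
openssl pkcs12 -export -in server-both.crt -inkey server-priv-key.pem -out server-both.p12 -name server -CAfile chain.crt -caname root -chain -password %PASS%
openssl pkcs12 -export -in server-sign.crt -inkey server-priv-key.pem -out server-sign.p12 -name server -CAfile chain.crt -caname root -chain -password %PASS%
openssl pkcs12 -export -in server-exch.crt -inkey server-priv-key.pem -out server-exch.p12 -name server -CAfile chain.crt -caname root -chain -password %PASS%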
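# OpenSSL extension file; presumably the server.cnf that the batch file passes
# as "-extensions NAME -extfile server.cnf" when signing the server certificates.
# Every section describes a non-CA TLS server certificate for localhost; the
# sections differ only in keyUsage, so one key can be tested under each
# combination of permitted usages.
#
# NOTE(review): the dNSName is written "localhost." with a trailing dot. Name
# matching in many TLS clients is a plain comparison, so a client connecting to
# "localhost" may not match this entry. Confirm the dot is intentional.

# All usages set. keyEncipherment normally applies to RSA key transport and is
# presumably included here only to cover the "everything allowed" case.
[ server-all ]
extendedKeyUsage = serverAuth
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment, keyAgreement
subjectAltName = IP:127.0.0.1,DNS:localhost.

# Signing and key agreement both permitted.
[ server-both ]
extendedKeyUsage = serverAuth
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyAgreement
subjectAltName = IP:127.0.0.1,DNS:localhost.

# Signing only (the usage ephemeral ECDHE suites with ECDSA authentication rely on).
[ server-sign ]
extendedKeyUsage = serverAuth
basicConstraints = CA:FALSE
keyUsage = digitalSignature
subjectAltName = IP:127.0.0.1,DNS:localhost.

# Key agreement only (the usage static ECDH suites rely on).
[ server-exch ]
extendedKeyUsage = serverAuth
basicConstraints = CA:FALSE
keyUsage = keyAgreement
subjectAltName = IP:127.0.0.1,DNS:localhost.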