ca.cmd
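@echo off
REM ca.cmd - wrapper around "openssl req" / "openssl ca" for a file-based CA
REM kept in the CA\ directory next to this script.
REM Usage: ca.cmd -newca ^| -sign ^<csr-file^> ^| ... (no argument lists the commands)

REM Keep all variables below local to this run; without setlocal they stay
REM set in the calling cmd session after the script returns.
setlocal
set "currdir=%CD%"
REM %~dp0 is this script's drive and directory and already ends with a
REM backslash. Paths are quoted so a location containing spaces still works.
cd /d "%~dp0"
set "config=-config "%~dp0openssl.cnf""
REM Validity in days for the DAYS/CADAYS options passed to openssl below.
set "DAYS=365"
set "CADAYS=3650"
set "REQ=openssl req %config%"
set "CA=openssl ca %config%"
REM NOTE(review): confirm the installed openssl accepts -config for verify,
REM x509 and pkcs12. VERIFY is not referenced anywhere in the visible script.
set "VERIFY=openssl verify %config%"
set "X509=openssl x509 %config%"
set "PKCS12=openssl pkcs12 %config%"
set "CATOP=%~dp0CA"
REM CAKEY and CACERT share a file name but live in different directories:
REM the key is written to %CATOP%\private, the certificate to %CATOP%.
set "CAKEY=dfca2.pem"
set "CAREQ=dfca2-req.pem"
set "CACERT=dfca2.pem"

REM Dispatch on the first argument. %~1 drops surrounding quotes so a quoted
REM argument cannot break the comparison. An unknown command does nothing.
if "%~1"=="" call :help
if "%~1"=="-newcert" call :newcert
if "%~1"=="-newreq" call :newreq
if "%~1"=="-newrequest-nodes" call :newrequest-nodes
if "%~1"=="-newca" call :newca
if "%~1"=="-pkcs12" call :pkcs12 %2
if "%~1"=="-xsign" call :xsign
if "%~1"=="-sign" call :sign %2
if "%~1"=="-signca" call :signca
if "%~1"=="-signcert" call :signcert
REM Return to the directory the caller started in.
cd /d "%currdir%"
goto :EOF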
:help
REM Print the supported command names, one per line.
for %%O in (-newcert -newreq -newrequest-nodes -newca -pkcs12 -xsign -sign -signca -signcert) do echo %%O
exit /b
:newcert
REM Create a self-signed certificate (newcert.pem) with a new key (newkey.pem).
REM Currently disabled: the command only reports that it is untested.
echo Error: untested
exit /b
REM Not reached while the guard above is in place.
%REQ% -new -x509 -keyout newkey.pem -out newcert.pem -days %DAYS%
echo Certificate is in newcert.pem, private key is in newkey.pem
exit /b
:newreq
REM Create a certificate request (newreq.pem) with a new key (newkey.pem).
REM Currently disabled: the command only reports that it is untested.
echo Error: untested
exit /b
REM Not reached while the guard above is in place.
%REQ% -new -keyout newkey.pem -out newreq.pem -days %DAYS%
echo Request is in newreq.pem, private key is in newkey.pem
exit /b
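:newrequest-nodes
REM Create a certificate request (newreq.pem) with a new key (newkey.pem).
REM -nodes makes openssl write the private key without pass-phrase
REM encryption, so newkey.pem is protected by file permissions only.
REM Currently disabled: the command only reports that it is untested.
echo Error: untested
goto :EOF
REM Not reached while the guard above is in place.
%REQ% -new -nodes -keyout newkey.pem -out newreq.pem -days %DAYS%
echo Request is in newreq.pem, private key is in newkey.pem
REM Return explicitly: without this line, enabling the command would fall
REM through into the next label and start creating a new CA.
goto :EOF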
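:newca
REM Create the CA directory tree and bookkeeping files, generate the CA key
REM and request, then self-sign the CA certificate for %CADAYS% days.
REM Returns errorlevel 1 to the calling line when it refuses or openssl fails.

REM Refuse to run over an existing CA: the steps below would empty index.txt,
REM reset crlnumber and overwrite the CA private key.
if exist "%CATOP%\private\%CAKEY%" goto :newca_exists
if exist "%CATOP%\index.txt" goto :newca_exists

if not exist "%CATOP%\" mkdir "%CATOP%"
for %%D in (certs crl csr newcerts private) do if not exist "%CATOP%\%%D\" mkdir "%CATOP%\%%D"
REM NOTE(review): private\ will hold the CA key and is created with inherited
REM permissions; restrict its ACL to the CA operator (for example with icacls)
REM before the key is generated.

REM Empty certificate database and initial CRL number for "openssl ca".
type nul >"%CATOP%\index.txt"
>"%CATOP%\crlnumber" echo 01
echo Making CA certificate...
REM No -nodes here, so openssl asks for a pass phrase to encrypt the CA key
REM unless the config file says otherwise.
%REQ% -new -keyout "%CATOP%\private\%CAKEY%" -out "%CATOP%\%CAREQ%"
REM Do not try to self-sign when key/request generation failed.
if errorlevel 1 goto :newca_failed
%CA% -create_serial -out "%CATOP%\%CACERT%" -days %CADAYS% -batch -keyfile "%CATOP%\private\%CAKEY%" -selfsign -extensions v3_ca -infiles "%CATOP%\%CAREQ%"
if errorlevel 1 goto :newca_failed
goto :EOF
:newca_exists
echo Error: a CA already exists under "%CATOP%", refusing to overwrite it
exit /b 1
:newca_failed
echo Error: openssl failed, the CA under "%CATOP%" is incomplete
exit /b 1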
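:pkcs12
REM Export newcert.pem and newkey.pem, plus the CA certificate, as newcert.p12.
REM Arguments: %1 - name passed to openssl's -name option
REM Currently disabled: the command only reports that it is untested.
echo Error: untested
goto :EOF
REM Not reached while the guard above is in place. Two defects are fixed so the
REM code is usable once enabled: "set cname = %1" defined a variable named
REM "cname " (trailing space), leaving %cname% empty, and ${CATOP}\$CACERT was
REM not batch syntax, so the CA certificate path was never expanded.
REM NOTE(review): %PKCS12% carries -config; confirm "openssl pkcs12" accepts it.
set "cname=%~1"
%PKCS12% -in newcert.pem -inkey newkey.pem -certfile "%CATOP%\%CACERT%" -out newcert.p12 -export -name "%cname%"
echo PKCS #12 file is in newcert.p12
goto :EOF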
:xsign
REM Sign newreq.pem with the policy section named policy_anything.
REM NOTE(review): what that policy accepts is defined in openssl.cnf, which is
REM not visible here; confirm it before enabling this command.
REM Currently disabled: the command only reports that it is untested.
echo Error: untested
exit /b
REM Not reached while the guard above is in place.
%CA% -policy policy_anything -infiles newreq.pem
exit /b
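:sign
REM Sign the request %CATOP%\csr\<name> and write the certificate to
REM %CATOP%\certs\<name without extension>.crt.
REM Arguments: %1 - file name of a request inside %CATOP%\csr
REM Returns errorlevel 1 to the calling line when nothing was signed.
REM NOTE(review): cmd expands %1 into the command lines below before they run,
REM so wrappers must not pass names taken from untrusted input.

REM Without a name the original ran openssl on the csr directory itself.
if "%~1"=="" goto :sign_usage
REM Accept a bare file name only, so the request is always read from csr\
REM and a name such as ..\x cannot point outside it.
if not "%~nx1"=="%~1" goto :sign_usage
if not exist "%CATOP%\csr\%~1" goto :sign_missing
%CA% -notext -in "%CATOP%\csr\%~1" -out "%CATOP%\certs\%~n1.crt"
REM Report success only when openssl ca actually succeeded.
if errorlevel 1 goto :sign_failed
echo Signed certificate is in %CATOP%\certs\%~n1.crt
goto :EOF
:sign_usage
echo Error: -sign needs the file name of a request in "%CATOP%\csr"
exit /b 1
:sign_missing
echo Error: request "%CATOP%\csr\%~1" not found
exit /b 1
:sign_failed
echo Error: openssl ca reported an error for "%~1"
exit /b 1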
:signca
REM Sign newreq.pem into newcert.pem using the v3_ca extensions section and
REM the policy section named policy_anything.
REM NOTE(review): presumably this issues a CA certificate (see the message
REM below); both sections live in openssl.cnf, which is not visible here.
REM Currently disabled: the command only reports that it is untested.
echo Error: untested
exit /b
REM Not reached while the guard above is in place.
%CA% -policy policy_anything -out newcert.pem -extensions v3_ca -infiles newreq.pem
echo Signed CA certificate is in newcert.pem
exit /b
:signcert
REM Turn the certificate in newreq.pem into a request (tmp.pem), signed with
REM the key read from the same file, then sign that request into newcert.pem.
REM NOTE(review): %X509% carries -config; confirm "openssl x509" accepts it.
REM Currently disabled: the command only reports that it is untested.
echo Error: untested
exit /b
REM Not reached while the guard above is in place.
%X509% -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
%CA% -policy policy_anything -out newcert.pem -infiles tmp.pem
echo Signed certificate is in newcert.pem
exit /b