105 lines
3 KiB
Text
105 lines
3 KiB
Text
|
$! TESTSS.COM
|
||
|
$
|
||
|
$ __arch := VAX
|
||
|
$ if f$getsyi("cpu") .ge. 128 then __arch := AXP
|
||
|
$ exe_dir := sys$disk:[-.'__arch'.exe.apps]
|
||
|
$
|
||
|
$ digest="-mdc2"
|
||
|
$ reqcmd := mcr 'exe_dir'openssl req
|
||
|
$ x509cmd := mcr 'exe_dir'openssl x509 'digest'
|
||
|
$ verifycmd := mcr 'exe_dir'openssl verify
|
||
|
$
|
||
|
$ CAkey="""keyCA.ss"""
|
||
|
$ CAcert="""certCA.ss"""
|
||
|
$ CAreq="""reqCA.ss"""
|
||
|
$ CAconf="""CAss.cnf"""
|
||
|
$ CAreq2="""req2CA.ss""" ! temp
|
||
|
$
|
||
|
$ Uconf="""Uss.cnf"""
|
||
|
$ Ukey="""keyU.ss"""
|
||
|
$ Ureq="""reqU.ss"""
|
||
|
$ Ucert="""certU.ss"""
|
||
|
$
|
||
|
$ write sys$output ""
|
||
|
$ write sys$output "make a certificate request using 'req'"
|
||
|
$ 'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' -new ! -out err.ss
|
||
|
$ if $severity .ne. 1
|
||
|
$ then
|
||
|
$ write sys$output "error using 'req' to generate a certificate request"
|
||
|
$ exit 3
|
||
|
$ endif
|
||
|
$ write sys$output ""
|
||
|
$ write sys$output "convert the certificate request into a self signed certificate using 'x509'"
|
||
|
$ define /user sys$output err.ss
|
||
|
$ 'x509cmd' "-CAcreateserial" -in 'CAreq' -days 30 -req -out 'CAcert' -signkey 'CAkey'
|
||
|
$ if $severity .ne. 1
|
||
|
$ then
|
||
|
$ write sys$output "error using 'x509' to self sign a certificate request"
|
||
|
$ exit 3
|
||
|
$ endif
|
||
|
$
|
||
|
$ write sys$output ""
|
||
|
$ write sys$output "convert a certificate into a certificate request using 'x509'"
|
||
|
$ define /user sys$output err.ss
|
||
|
$ 'x509cmd' -in 'CAcert' -x509toreq -signkey 'CAkey' -out 'CAreq2'
|
||
|
$ if $severity .ne. 1
|
||
|
$ then
|
||
|
$ write sys$output "error using 'x509' convert a certificate to a certificate request"
|
||
|
$ exit 3
|
||
|
$ endif
|
||
|
$
|
||
|
$ 'reqcmd' -verify -in 'CAreq' -noout
|
||
|
$ if $severity .ne. 1
|
||
|
$ then
|
||
|
$ write sys$output "first generated request is invalid"
|
||
|
$ exit 3
|
||
|
$ endif
|
||
|
$
|
||
|
$ 'reqcmd' -verify -in 'CAreq2' -noout
|
||
|
$ if $severity .ne. 1
|
||
|
$ then
|
||
|
$ write sys$output "second generated request is invalid"
|
||
|
$ exit 3
|
||
|
$ endif
|
||
|
$
|
||
|
$ 'verifycmd' "-CAfile" 'CAcert' 'CAcert'
|
||
|
$ if $severity .ne. 1
|
||
|
$ then
|
||
|
$ write sys$output "first generated cert is invalid"
|
||
|
$ exit 3
|
||
|
$ endif
|
||
|
$
|
||
|
$ write sys$output ""
|
||
|
$ write sys$output "make another certificate request using 'req'"
|
||
|
$ define /user sys$output err.ss
|
||
|
$ 'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' -new
|
||
|
$ if $severity .ne. 1
|
||
|
$ then
|
||
|
$ write sys$output "error using 'req' to generate a certificate request"
|
||
|
$ exit 3
|
||
|
$ endif
|
||
|
$
|
||
|
$ write sys$output ""
|
||
|
$ write sys$output "sign certificate request with the just created CA via 'x509'"
|
||
|
$ define /user sys$output err.ss
|
||
|
$ 'x509cmd' "-CAcreateserial" -in 'Ureq' -days 30 -req -out 'Ucert' "-CA" 'CAcert' "-CAkey" 'CAkey'
|
||
|
$ if $severity .ne. 1
|
||
|
$ then
|
||
|
$ write sys$output "error using 'x509' to sign a certificate request"
|
||
|
$ exit 3
|
||
|
$ endif
|
||
|
$
|
||
|
$ 'verifycmd' "-CAfile" 'CAcert' 'Ucert'
|
||
|
$ write sys$output ""
|
||
|
$ write sys$output "Certificate details"
|
||
|
$ 'x509cmd' -subject -issuer -startdate -enddate -noout -in 'Ucert'
|
||
|
$
|
||
|
$ write sys$output ""
|
||
|
$ write sys$output "The generated CA certificate is ",CAcert
|
||
|
$ write sys$output "The generated CA private key is ",CAkey
|
||
|
$
|
||
|
$ write sys$output "The generated user certificate is ",Ucert
|
||
|
$ write sys$output "The generated user private key is ",Ukey
|
||
|
$
|
||
|
$ delete err.ss;*
|