--- /usr/lib/ssl/misc/CA.pl 2004-03-23 19:39:05.000000000 +0900
+++ CA.pl 2004-04-11 18:30:00.000000000 +0900
@@ -36,7 +36,7 @@
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
-$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
+$SSLEAY_CONFIG="-config myssl.conf";
 $DAYS="-days 365";
 $REQ="openssl req $SSLEAY_CONFIG";
 $CA="openssl ca $SSLEAY_CONFIG";
@@ -82,6 +82,7 @@
 mkdir "${CATOP}/crl", $DIRMODE ;
 mkdir "${CATOP}/newcerts", $DIRMODE;
 mkdir "${CATOP}/private", $DIRMODE;
+ mkdir "./racoon", 0700;
 open OUT, ">${CATOP}/serial";
 print OUT "01\n";
 close OUT;
@@ -105,7 +106,28 @@
 "${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS");
 $RET=$?;
 }
+ $HASH = `$X509 -noout -hash -in ${CATOP}/$CACERT`;
+ chop $HASH;
+ system ("cp -p ${CATOP}/$CACERT ./racoon/$HASH.0");
+ system ("$CA -gencrl -out ./racoon/$HASH.r0");
 }
+ } elsif (/^-newreq-sign$/) {
+ # create a certificate request and sign
+ open SERIAL, "${CATOP}/serial";
+ $SEQ = ;
+ close SERIAL;
+ chop $SEQ;
+ system ("$REQ -new -nodes -keyout ./racoon/priv$SEQ.pem" .
+ " -out newreq.pem $DAYS");
+ $RET=$?;
+ if ($RET) { exit $RET; }
+ chmod 0600, "./racoon/priv$SEQ.pem";
+ print "\n";
+ system ("$CA -policy policy_anything -in newreq.pem" .
+ " -out ./racoon/cert$SEQ.pem");
+ $RET=$?;
+ print "certificate: \"cert$SEQ.pem\", private key:" .
+ " \"priv$SEQ.pem\" to racoon directory.\n";
 } elsif (/^-pkcs12$/) {
 my $cname = $ARGV[1];
 $cname = "My Certificate" unless defined $cname;
--- /etc/ssl/openssl.cnf 2004-03-23 19:39:05.000000000 +0900
+++ myssl.conf 2004-04-06 19:30:47.000000000 +0900
@@ -38,7 +38,7 @@
 certs = $dir/certs # Where the issued certs are kept
 crl_dir = $dir/crl # Where the issued crl are kept
 database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
+unique_subject = yes # Set to 'no' to allow creation of
 # several ctificates with same subject.
 new_certs_dir = $dir/newcerts # default place for new certs.
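Review bot: `$SSLEAY_CONFIG="-config myssl.conf"` hard-codes a path relative to the current working directory and drops the `SSLEAY_CONFIG` environment override the stock script honoured, so every `openssl req`/`openssl ca` command built from it on the following lines picks up whichever `myssl.conf` happens to sit in the caller's cwd, or fails when there is none. Keeping the override and falling back to the local file does both: `$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"} || "-config myssl.conf";`. If the script is intended to be run only from the directory that holds `myssl.conf`, a comment above the assignment saying so would spare the next reader the surprise.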
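Review bot: The added `mkdir "./racoon", 0700;` is unchecked, so when it fails (directory left over from an earlier run, or no write permission in the cwd) the later `cp -p` into `./racoon/` and the private-key writes of `-newreq-sign` go wrong without any diagnostic. `mkdir "./racoon", 0700 or die "mkdir ./racoon: $!";` keeps the 0700 mode, which is the right choice given that unencrypted private keys are placed there. The directory is also created relative to the cwd rather than under `${CATOP}` like its siblings, which ties this branch to the same working-directory assumption as the `myssl.conf` path; a comment stating that `./racoon` is deliberately outside the CA tree would make the intent explicit. The enclosing branch (presumably `-newca`) starts before this hunk.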
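Review bot: In the new `-newreq-sign` branch the closing `certificate: "cert$SEQ.pem" ...` message is printed regardless of what the second `system ("$CA -policy policy_anything ...")` returned, so a rejected or failed signing still reports success; the `$RET` assigned right before it needs the same `if ($RET) { exit $RET; }` guard the first `system` gets. The line `$SEQ = ;` as shown is not valid Perl — presumably the readline of the SERIAL handle was lost in extraction, worth confirming against the actual patch — and the `open SERIAL, ...` above it is a two-argument, unchecked open, so a missing serial file leaves `$SEQ` undefined and produces files named `priv.pem`/`cert.pem`. Earlier in the hunk, the `-newca` additions take `$HASH` from backticks without inspecting `$?`, so a failed `openssl x509` leaves `$HASH` empty and copies the CA certificate to `./racoon/.0`. The private key is written by `openssl req` before `chmod 0600` runs; the 0700 `./racoon` directory is what covers that window, which deserves a comment on the `chmod` line. Both enclosing branches begin outside the hunk.
```perl
} elsif (/^-newreq-sign$/) {
	# create a certificate request and sign
	open SERIAL, "<", "${CATOP}/serial" or die "open ${CATOP}/serial: $!";
	$SEQ = readline(SERIAL);
	close SERIAL;
	chomp $SEQ;
	# … unchanged: openssl req, first $RET check, chmod, print "\n" …
	system ("$CA -policy policy_anything -in newreq.pem" .
		" -out ./racoon/cert$SEQ.pem");
	$RET=$?;
	if ($RET) { exit $RET; }
	# … unchanged: final "certificate: ..." print …
```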
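Review bot: `unique_subject = yes` is already OpenSSL's behaviour when the line is absent, so the change fixes the choice explicitly, yet the comment kept beside it still describes only the `no` case; a note such as `# yes: a second cert for an existing subject is refused until the old one is revoked` would record why it is now set. That interaction matters for this setup because the `-newreq-sign` branch added to CA.pl issues certificates whose subject comes from prompt defaults like `commonName_default = racoon-NN`: running it twice with the default accepted, or renewing a peer's certificate, fails at `openssl ca` until the previous entry is revoked.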
@@ -67,7 +67,7 @@
 default_days = 365 # how long to certify for
 default_crl_days= 30 # how long before next CRL
-default_md = md5 # which md to use.
+default_md = sha1 # which md to use.
 preserve = no # keep passed DN ordering
 # A few difference way of specifying how similar the request should look
@@ -98,7 +98,7 @@
 ####################################################################
 [ req ]
-default_bits = 1024
+default_bits = 2048
 default_keyfile = privkey.pem
 distinguished_name = req_distinguished_name
 attributes = req_attributes
@@ -122,29 +122,32 @@
 [ req_distinguished_name ]
 countryName = Country Name (2 letter code)
-countryName_default = AU
+countryName_default = JP
 countryName_min = 2
 countryName_max = 2
 stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
+stateOrProvinceName_default = Hiroshima-ken
 localityName = Locality Name (eg, city)
+localityName_default = Sapporo-city
 0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
+0.organizationName_default = Usagi to Kame
 # we can do this but it is not needed normally :-)
 #1.organizationName = Second Organization Name (eg, company)
 #1.organizationName_default = World Wide Web Pty Ltd
 organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
+organizationalUnitName_default = Racoon div.
 commonName = Common Name (eg, YOUR name)
+commonName_default = racoon-NN
 commonName_max = 64
 emailAddress = Email Address
+emailAddress_default = ora@hara.hetta
 emailAddress_max = 64
 # SET-ex3 = SET extension number 3
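Review bot: `default_md = sha1` here in the CA section only governs `openssl ca`; the self-signed CA certificate that `-newca` produces with `openssl req -new -x509` takes its digest from the `[ req ]` section, which this patch edits in the `@@ -98,7 +98,7 @@` hunk without setting one, so the root certificate would still be signed with the req command's older built-in default. Adding `default_md = sha1` next to `default_bits = 2048` under `[ req ]` closes that gap. sha1 is a clear improvement over md5 for the patch's date, but it is itself no longer accepted for certificate signatures by current verifiers, so on a build that supports it `sha256` in both places is the value to use.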
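Review bot: The new `_default` values only pre-fill the interactive prompt; nothing in this file, nor the `policy_anything` that the `-newreq-sign` branch in CA.pl passes to `openssl ca`, checks that an issued certificate actually carries `Usagi to Kame` / `Racoon div.`, so a request with any organization is signed. If peer certificates are meant to share the CA's O and OU, pair these defaults with a policy section that marks `organizationName` and `organizationalUnitName` as `match`, in the way the stock `policy_match` section does for organizationName. `commonName_default = racoon-NN` reads as a placeholder an operator is expected to edit; with `unique_subject = yes` set earlier in this file, two requests that both accept it unchanged cannot both be signed. `emailAddress_default = ora@hara.hetta` and the Hiroshima-ken / Sapporo-city pairing look like sample values rather than real ones; if this file is shipped as a template, a comment above `[ req_distinguished_name ]` saying which defaults must be edited before use would help.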