make_root_cert.pl 1.29 KB
#!/usr/bin/perl

use strict;
use Getopt::Long;
use File::Temp;

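# Command-line options.  -cn and -dns are mandatory; the others have defaults.
my $cn;                       # commonName written into the request's subject
my @dns = ();                 # names that end up in subjectAltName
my $prefix = "root";          # prefix of every generated PEM file name
my $rand = "tls_seed.dat";    # file passed to "openssl req -rand"
my $help = 0;

# GetOptions returns false when it meets an unknown or malformed option.
# Treat that as a usage error rather than generating a certificate from a
# partially parsed command line.
my $options_ok = GetOptions('help' => \$help,
                            'cn=s' => \$cn,
                            'dns=s' => \@dns,
                            'prefix=s' => \$prefix,
                            'rand=s' => \$rand);

# -dns may be given several times and each value may be a comma separated
# list; flatten both forms and drop empty items such as the one in "a,,b",
# which would otherwise become a bare "DNS:" entry.
@dns = grep { length } split(/,/, join(',', @dns));

if ($help || !$options_ok || !$cn || !@dns) {
  print "Usage: make_root_cert -cn <common name>\n".
        "                      -dns <comma separated list of dns names>\n".
        "                     [-prefix <name prefix>]\n".
        "                     [-rand <random seed file>]\n";
  # An explicit -help is a success; missing or bad arguments are not, so a
  # calling Makefile or script can tell that no certificate was produced.
  exit($help ? 0 : 1);
}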

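# $cn and the DNS names are interpolated verbatim into the OpenSSL config
# written below.  A line break inside either value would add extra lines
# (and therefore extra settings or sections) to that config, so refuse
# control characters before anything is written.
for my $value ($cn, @dns) {
  die "make_root_cert: control character in -cn or -dns value\n"
    if $value =~ /[\x00-\x1f\x7f]/;
}

# subjectAltName expects every host name tagged with its type.
@dns = map { "DNS:$_" } @dns;

my $dnsstring = join(',', @dns);

# Scratch config shared by the "req" and "x509" steps; File::Temp removes it
# when the program exits (UNLINK => 1).
my ($fh, $filename) = File::Temp::tempfile(UNLINK => 1);

# default_bits is 2048: 1024-bit RSA is below current key-size
# recommendations and this key signs as a CA (basicConstraints CA:TRUE).
print {$fh} <<"EOF" or die "make_root_cert: cannot write $filename: $!\n";
[ req ]
default_bits		= 2048
prompt                  = no
distinguished_name	= req_dn

[ req_dn ]
commonName		= $cn

[ ext ]
basicConstraints = CA:TRUE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
subjectAltName=$dnsstring
EOF

# Close the handle so the config is fully on disk before openssl reads it,
# and so a failed write (e.g. full disk) is reported here.  The file itself
# stays until program exit.
close($fh) or die "make_root_cert: cannot write $filename: $!\n";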

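# Generate the key and request, then self-sign the request with the "ext"
# section of the config.  The commands are run in list form, so -prefix and
# -rand reach openssl as single arguments and are never parsed by a shell
# (spaces or shell metacharacters in them cannot change the command).
# SHA-256 replaces SHA-1, which is deprecated for certificate signatures.
my @openssl_steps = (
  [qw(openssl req -newkey rsa -nodes -keyout), "${prefix}key.pem",
   qw(-sha256 -out), "${prefix}req.pem",
   '-config', $filename, '-rand', $rand],
  [qw(openssl x509 -req -in), "${prefix}req.pem",
   qw(-sha256 -extensions ext -signkey), "${prefix}key.pem",
   '-out', "${prefix}cert.pem", '-extfile', $filename],
);

for my $step (@openssl_steps) {
  my $label = join(' ', @{$step}[0, 1]);
  # Stop at the first failure instead of signing or bundling stale files
  # left over from an earlier run.
  system(@{$step}) == 0
    or die "make_root_cert: '$label' failed (wait status $?)\n";
}

# Bundle certificate and key into <prefix>.pem.  The key is written with
# -nodes (unencrypted), so the bundle is created owner-only; chmod also
# covers a bundle that already existed with wider permissions.
my $bundle = "${prefix}.pem";
my $old_umask = umask 077;
open(my $out, '>', $bundle)
  or die "make_root_cert: cannot create $bundle: $!\n";
umask $old_umask;
chmod(0600, $bundle)
  or die "make_root_cert: cannot restrict permissions on $bundle: $!\n";

for my $part ("${prefix}cert.pem", "${prefix}key.pem") {
  open(my $in, '<', $part)
    or die "make_root_cert: cannot read $part: $!\n";
  my $pem = do { local $/; <$in> };   # slurp the whole PEM file
  $pem = '' unless defined $pem;
  close($in);
  print {$out} $pem
    or die "make_root_cert: cannot write $bundle: $!\n";
}

close($out) or die "make_root_cert: cannot write $bundle: $!\n";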