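#!/usr/bin/perl -W
# Non-interactive PKCS certificate generator
# Copyright (C) 2009 Bogdan 'bogdro' Drozdowski
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software Foundation:
#		Free Software Foundation
#		51 Franklin Street, Fifth Floor
#		Boston, MA 02110-1301
#		USA

use strict;
use warnings;

# What this script does:
#   1. On the first run (no <master>_cert.pem yet) it creates a self-signed
#      master (CA) certificate plus the certs/, newcerts/, crl/, index.txt and
#      serial files used by "openssl ca".
#   2. On every run it creates the next free certN key and request, signs the
#      request with the master certificate and exports the result as PKCS#12,
#      PEM, DER and PKCS#7.
#
# Security notes:
#   * The passwords below are sample values and are stored here in clear
#     text. Replace every value marked CHANGE and keep this file readable by
#     its owner only.
#   * Secrets are written to openssl through a pipe. They are never placed on
#     a command line and no shell is involved, so they do not show up in the
#     process list and shell metacharacters in a value cannot change the
#     command that is run.
#   * NOTE(review): earlier versions fed openssl via `echo -e "..." |`. Where
#     /bin/sh has an echo without -e support, the first input line (the
#     password) would have started with "-e ". Keys created that way will not
#     open with the password configured here - confirm before re-using an
#     existing master key.

# each password >= 4 chars
# each common name NOT empty - it's the user name or server address

my $master_cert_name = 'maincert';
my $password_main    = 'main';          # CHANGE
my $main_country     = 'US';            # CHANGE
my $main_state       = 'D.C.';          # CHANGE
my $main_city        = 'Washington';    # CHANGE
my $main_company     = '.';             # CHANGE
my $main_unit        = '.';             # CHANGE
my $main_common_name = 'aaa';           # CHANGE: user name or server address
my $main_email       = 'a@a';           # CHANGE

my $challenge        = 'bbb';           # CHANGE
my $password         = 'cert0';         # CHANGE
my $country          = 'US';            # CHANGE
my $state            = 'D.C.';          # CHANGE
my $city             = 'Washington';    # CHANGE
my $company          = '.';             # CHANGE
my $unit             = '.';             # CHANGE
my $common_name      = 'bbb';           # CHANGE: user name or server address
my $email            = 'b@b';           # CHANGE
my $export_password  = 'cert0';         # CHANGE

# Enforce the rules stated above before anything is written to disk.
for my $secret ($password_main, $password, $export_password) {
    die "Each password must be at least 4 characters long\n"
        if length($secret) < 4;
}
for my $cn ($main_common_name, $common_name) {
    die "The common name must not be empty\n" if $cn eq '';
}
# Every value is sent to openssl as one line of input; an embedded line break
# would shift all following answers by one prompt.
for my $value (
    $master_cert_name, $password_main, $main_country, $main_state,
    $main_city, $main_company, $main_unit, $main_common_name, $main_email,
    $challenge, $password, $country, $state, $city, $company, $unit,
    $common_name, $email, $export_password,
) {
    die "Configuration values must not contain line breaks\n"
        if $value =~ /[\r\n]/;
}

# Key files, PKCS#12 bundles and the CA directories created below must not be
# readable by other users, whatever umask the caller has. Public outputs
# (*-pub.*, *_cert.*) can be chmod'ed afterwards if they need to be shared.
umask 0077;

# Build the text sent to openssl's standard input: one line per element plus
# one trailing empty line. This is byte-for-byte what the former
# `echo -e "a\nb\n"` pipeline produced.
sub stdin_lines {
    my @lines = @_;
    return join('', map { "$_\n" } @lines) . "\n";
}

# Run "openssl @args" without a shell. When $input is defined it is written to
# openssl's standard input; otherwise the script's own stdin is inherited.
# Dies when openssl cannot be started or exits with a non-zero status, so a
# failed step never leaves later steps working on missing or partial files.
# Only the sub-command name is put into error messages - never the input.
sub run_openssl {
    my ($input, @args) = @_;

    if (!defined $input) {
        system('openssl', @args);
        die "Can't start openssl $args[0]: $!\n" if $? == -1;
        die "openssl $args[0] failed (wait status $?)\n" if $? != 0;
        return;
    }

    # openssl may exit without reading the trailing lines; do not let the
    # resulting SIGPIPE kill this script, judge by the exit status instead.
    local $SIG{PIPE} = 'IGNORE';
    open(my $pipe, '|-', 'openssl', @args)
        or die "Can't start openssl $args[0]: $!\n";
    print {$pipe} $input;
    close $pipe;
    die "openssl $args[0] failed (wait status $?)\n" if $? != 0;
    return;
}

if ( ! -f $master_cert_name . '_cert.pem' ) {

    # Self-signed master certificate. The answer lines are unchanged from the
    # original script (password twice, then the subject fields).
    run_openssl(
        stdin_lines(
            $password_main, $password_main, $main_country, $main_state,
            $main_city, $main_company, $main_unit, $main_common_name,
            $main_email,
        ),
        'req', '-passout', 'stdin', '-x509', '-days', '10950',
        '-newkey', 'rsa:2048',
        '-keyout', "${master_cert_name}_key.pem",
        '-out',    "${master_cert_name}_cert.pem",
    );

    # DER copy of the master certificate.
    run_openssl(
        undef,
        'x509', '-in', "${master_cert_name}_cert.pem",
        '-outform', 'DER', '-out', "${master_cert_name}_cert.der",
    );

    # Working directories for "openssl ca"; an already existing directory is
    # accepted, anything else is an error.
    for my $dir ('certs', 'newcerts', 'crl') {
        mkdir($dir) or -d $dir or die "Can't create directory $dir: $!\n";
    }

    # Empty certificate database.
    open(my $index, '>', 'index.txt')
        or die "Can't create index.txt file: $!\n";
    close($index) or die "Can't write index.txt file: $!\n";

    # First serial number, written without a trailing newline as before.
    open(my $serial, '>', 'serial')
        or die "Can't create serial file: $!\n";
    print {$serial} '01' or die "Can't write serial file: $!\n";
    close($serial) or die "Can't write serial file: $!\n";
}

# Pick the first index N for which certN.pem does not exist yet.
my $i = 0;
$i++ while $i < 4000000000 && -f "cert$i.pem";

my $name = "cert$i";

# New key and certificate request.
run_openssl(
    stdin_lines(
        $password, $password, $country, $state, $city, $company, $unit,
        $common_name, $email, $challenge, $company,
    ),
    'req', '-passout', 'stdin', '-days', '10950', '-newkey', 'rsa:2048',
    '-keyout', "$name.key", '-out', "$name.req",
);

# Sign the request with the master certificate; the two "y" lines answer the
# confirmation prompts of "openssl ca".
run_openssl(
    stdin_lines($password_main, 'y', 'y'),
    'ca', '-passin', 'stdin', '-days', '10000',
    '-cert',    "${master_cert_name}_cert.pem",
    '-keyfile', "${master_cert_name}_key.pem",
    '-in', "$name.req", '-out', "$name.pem",
);

# Bundle key and certificate as PKCS#12, protected by the export password.
run_openssl(
    stdin_lines($password, $export_password, $export_password),
    'pkcs12', '-passin', 'stdin', '-passout', 'stdin', '-export',
    '-in', "$name.pem", '-inkey', "$name.key", '-out', "$name.p12",
    '-name', "Certificate for $name",
);

# Extract the client certificate only (no keys) from the PKCS#12 bundle.
run_openssl(
    stdin_lines($export_password),
    'pkcs12', '-passin', 'stdin', '-in', "$name.p12",
    '-out', "$name-pub.pem", '-nokeys', '-clcerts',
);

# DER and PKCS#7 copies of the public certificate.
run_openssl(
    undef,
    'x509', '-in', "$name-pub.pem", '-outform', 'DER',
    '-out', "$name-pub.cer",
);

run_openssl(
    undef,
    'crl2pkcs7', '-nocrl', '-certfile', "$name-pub.pem",
    '-outform', 'DER', '-out', "$name-pub.p7b",
);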