3 # Create necessary files to run tlsproxy in the current directory.
5 # Requires certtool (from GnuTLS).
7 # Copyright (C) 2011-2013 Simon Ruderich
9 # This program is free software: you can redistribute it and/or modify
10 # it under the terms of the GNU General Public License as published by
11 # the Free Software Foundation, either version 3 of the License, or
12 # (at your option) any later version.
14 # This program is distributed in the hope that it will be useful,
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 # GNU General Public License for more details.
19 # You should have received a copy of the GNU General Public License
20 # along with this program. If not, see <http://www.gnu.org/licenses/>.
26 trap 'rm -f "$tempfile"' EXIT
28 # Generate proxy CA key file.
29 certtool --generate-privkey \
31 --outfile proxy-ca-key.pem
33 echo 'cn = tlsproxy CA' > "$tempfile"
34 echo ca >> "$tempfile"
35 echo cert_signing_key >> "$tempfile"
36 echo 'expiration_days = 3650' >> "$tempfile"
37 certtool --generate-self-signed \
38 --load-privkey proxy-ca-key.pem \
39 --template "$tempfile" \
40 --outfile proxy-ca.pem
42 # Generate proxy key file.
43 certtool --generate-privkey \
45 --outfile proxy-key.pem
47 # Generate proxy "invalid" server certificate. It's used for problematic
49 echo 'organization = tlsproxy' > "$tempfile"
50 echo 'cn = invalid' >> "$tempfile"
51 echo tls_www_server >> "$tempfile"
52 echo encryption_key >> "$tempfile"
53 echo signing_key >> "$tempfile"
54 echo 'expiration_days = 3650' >> "$tempfile"
55 certtool --generate-self-signed \
56 --load-privkey proxy-key.pem \
57 --template "$tempfile" \
58 --outfile proxy-invalid.pem