3 # Create necessary files to run tlsproxy in the current directory.
5 # Requires certtool (from GnuTLS).
7 # Copyright (C) 2011-2013 Simon Ruderich
9 # This program is free software: you can redistribute it and/or modify
10 # it under the terms of the GNU General Public License as published by
11 # the Free Software Foundation, either version 3 of the License, or
12 # (at your option) any later version.
14 # This program is distributed in the hope that it will be useful,
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 # GNU General Public License for more details.
19 # You should have received a copy of the GNU General Public License
20 # along with this program. If not, see <http://www.gnu.org/licenses/>.
26 if test "$#" -ne 0; then
32 trap 'rm -f "$tempfile"' EXIT
34 # Generate proxy CA key file.
35 certtool --generate-privkey \
37 --outfile proxy-ca-key.pem
39 echo 'cn = tlsproxy CA' > "$tempfile"
40 echo ca >> "$tempfile"
41 echo cert_signing_key >> "$tempfile"
42 echo 'expiration_days = 3650' >> "$tempfile"
43 certtool --generate-self-signed \
44 --load-privkey proxy-ca-key.pem \
45 --template "$tempfile" \
46 --outfile proxy-ca.pem
48 # Generate proxy key file.
49 certtool --generate-privkey \
51 --outfile proxy-key.pem
53 # Generate proxy "invalid" server certificate. It's used for problematic
55 echo 'organization = tlsproxy' > "$tempfile"
56 echo 'cn = invalid' >> "$tempfile"
57 echo tls_www_server >> "$tempfile"
58 echo encryption_key >> "$tempfile"
59 echo signing_key >> "$tempfile"
60 echo 'expiration_days = 3650' >> "$tempfile"
61 certtool --generate-self-signed \
62 --load-privkey proxy-key.pem \
63 --template "$tempfile" \
64 --outfile proxy-invalid.pem
68 # Generate proxy Diffie-Hellman parameters.
69 certtool --generate-dh-params \
71 --outfile proxy-dh.pem