set -e
+
+if test "$#" -ne 0; then
+ echo "Usage: $0"
+ exit 1
+fi
+
tempfile=`mktemp`
trap 'rm -f "$tempfile"' EXIT
# Generate proxy CA key file.
certtool --generate-privkey \
+ --sec-param high \
--outfile proxy-ca-key.pem
# Generate proxy CA.
echo 'cn = tlsproxy CA' > "$tempfile"
echo ca >> "$tempfile"
echo cert_signing_key >> "$tempfile"
+echo 'expiration_days = 3650' >> "$tempfile"
certtool --generate-self-signed \
--load-privkey proxy-ca-key.pem \
--template "$tempfile" \
# Generate proxy key file.
certtool --generate-privkey \
+ --sec-param high \
--outfile proxy-key.pem
# Generate proxy "invalid" server certificate. It's used for problematic
echo tls_www_server >> "$tempfile"
echo encryption_key >> "$tempfile"
echo signing_key >> "$tempfile"
+echo 'expiration_days = 3650' >> "$tempfile"
certtool --generate-self-signed \
--load-privkey proxy-key.pem \
--template "$tempfile" \
rm "$tempfile"
+# Generate proxy Diffie-Hellman parameters.
+certtool --generate-dh-params \
+ --sec-param high \
+ --outfile proxy-dh.pem
+
echo done