:: genssl2k.bat.txt v.1 :: ############################################################################################## :: # :: # 2k ssl certificate generator script from scratch :: # by olivier.poudade@free.fr 09/10/2006 :: # disclaimer : author not liable for any use :: # :: ############################################################################################## REM to import to certmgr.exe as pfx/p12, or use directly to EFS crypt REM openssl genrsa -des3 -out privkey.pem 2048 REM ---------------> CREATE CERTIFICATES SERIAL REM ECHO '862425416841864168879872598279827979'>SERIAL REM ---------------> CREATE CERTIFICATES INDEX REM DEL /Y .\CERTINDEX.TXT REM ECHO " ">CERTINDEX.TXT REM REM --> GENERER CLESYMETRIQUE RSA REM openssl genrsa -des3 -out privkey.pem 2048 REM --> GENERER FICHIER SERIAL echo 00>serial REM --> GENERER FICHIER CERTINDEX copy /Y certindex.dat certindex.txt REM --> GENERER CERTIFICAT RACINE openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 365 -config openssl.cnf REM --> GENERER DEMANDE CERTIFICAT openssl req -new -nodes -out namereq.pem -keyout namekey.pem -days 365 -config openssl.cnf REM --> GENERER CERTIFICAT openssl ca -out namecert.pem -days 365 -config openssl.cnf -infiles namereq.pem REM --> GENERER .P12 openssl pkcs12 -export -in namecert.pem -inkey namekey.pem -certfile cacert.pem -name "CA SSO" -out namecert.p12 REM --> EXTRACTION DU CERTIFICAT openssl pkcs12 -in namecert.p12 -out namecert.cert.pem -nokeys -clcerts REM --> GENERATION HASH SHA1 openssl x509 -in namecert.cert.pem -sha1 -fingerprint > fingerprint.txt REM --> EXTRACTION CLE PRIVEE DU CERTIFICAT openssl pkcs12 -in namecert.p12 -out namecert.priv.pem -nocerts -clcerts REM --> CONVERSION DE LA CLE AU FORMAT PKCS8 DER openssl pkcs8 -in namecert.priv.pem -out namecert.p8.der -topk8 -outform der REM --> CONVERSION DE LA CLE AU FORMAT HEXADECIMAL od -t x1 namecert.p8.der > namecert.p8.txt