:: genssl2k.bat.txt v.1
:: ##############################################################################################
:: #
:: #  2k ssl certificate generator script from scratch
:: #  by olivier.poudade@free.fr 09/10/2006
:: #  disclaimer : author not liable for any use 
:: # 
:: ##############################################################################################
REM to import to certmgr.exe as pfx/p12, or use directly to EFS crypt
REM openssl genrsa -des3 -out privkey.pem 2048
REM ---------------> CREATE CERTIFICATES SERIAL
REM ECHO '862425416841864168879872598279827979'>SERIAL
REM ---------------> CREATE CERTIFICATES INDEX
REM DEL /Y  .\CERTINDEX.TXT
REM ECHO " ">CERTINDEX.TXT 
REM REM --> GENERER  CLESYMETRIQUE RSA
REM openssl genrsa -des3 -out privkey.pem 2048
REM --> GENERER FICHIER SERIAL
echo 00>serial
REM --> GENERER FICHIER CERTINDEX
copy /Y certindex.dat certindex.txt
REM --> GENERER CERTIFICAT RACINE
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem  -days 365 -config openssl.cnf
REM --> GENERER DEMANDE CERTIFICAT
openssl req -new -nodes -out namereq.pem -keyout namekey.pem -days 365 -config openssl.cnf
REM --> GENERER CERTIFICAT
openssl ca -out namecert.pem -days 365 -config openssl.cnf -infiles namereq.pem
REM --> GENERER .P12
openssl pkcs12 -export -in namecert.pem -inkey namekey.pem -certfile cacert.pem -name "CA SSO" -out namecert.p12
REM --> EXTRACTION DU CERTIFICAT
openssl pkcs12 -in namecert.p12 -out namecert.cert.pem -nokeys -clcerts
REM --> GENERATION HASH SHA1
openssl x509 -in namecert.cert.pem -sha1 -fingerprint > fingerprint.txt
REM --> EXTRACTION CLE PRIVEE DU CERTIFICAT
openssl pkcs12 -in namecert.p12 -out namecert.priv.pem -nocerts -clcerts
REM --> CONVERSION DE LA CLE AU FORMAT PKCS8 DER
openssl pkcs8 -in namecert.priv.pem  -out namecert.p8.der -topk8 -outform der
REM --> CONVERSION DE LA CLE AU FORMAT HEXADECIMAL
od -t x1 namecert.p8.der > namecert.p8.txt