os/security/cryptoservices/certificateandkeymgmt/testcertificates/openssl/generateCerts.pl
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/security/cryptoservices/certificateandkeymgmt/testcertificates/openssl/generateCerts.pl Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,278 @@
1.4 +#
1.5 +# Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
1.6 +# All rights reserved.
1.7 +# This component and the accompanying materials are made available
1.8 +# under the terms of the License "Eclipse Public License v1.0"
1.9 +# which accompanies this distribution, and is available
1.10 +# at the URL "http://www.eclipse.org/legal/epl-v10.html".
1.11 +#
1.12 +# Initial Contributors:
1.13 +# Nokia Corporation - initial contribution.
1.14 +#
1.15 +# Contributors:
1.16 +#
1.17 +# Description:
1.18 +# Generate certs for testing OCSP against OpenSSL implementation
1.19 +#
1.20 +
1.21 +
1.22 +# address of the Root5 responder, needed for Authority Info Access cert
1.23 +my $ocspR5addr = "http://cam-ocsptest01.intra:19003";
1.24 +
1.25 +# Address of the Apache server used for serving remote JAR files
1.26 +my $apacheaddr = "cam-ocsptest01.intra";
1.27 +
1.28 +
1.29 +sub head(@)
1.30 +{
1.31 + my $src=shift(@_);
1.32 + my $dest=shift(@_);
1.33 + my $lines=shift(@_);
1.34 +
1.35 + open(IN,"< $src") or print("Can't open $src");
1.36 + open(OUT,"> $dest") or print("Can't open $dest");
1.37 +
1.38 + for (my $count=0; $count < $lines; $count++)
1.39 + {
1.40 + my $fline=<IN>;
1.41 + print OUT $fline;
1.42 + }
1.43 + close(IN);
1.44 + close(OUT);
1.45 +}
1.46 +
1.47 +sub createfile(@)
1.48 +{
1.49 + open(TOUCH,">shift(@_)");
1.50 + close(TOUCH);
1.51 +}
1.52 +
1.53 +# Create ca files
1.54 +sub mkcadirs(@)
1.55 +{
1.56 + my $cadir=shift(@_);
1.57 +
1.58 + unlink($cadir);
1.59 + mkdir($cadir);
1.60 + open(TOUCH,">$cadir\\index.txt");
1.61 + close(TOUCH);
1.62 + system("echo 01 > $cadir\\serial");
1.63 + mkdir "$cadir\\private" ;
1.64 + mkdir "$cadir\\certs";
1.65 +}
1.66 +
1.67 +
1.68 +
1.69 +
1.70 +
1.71 +# Trash existing data
1.72 +
1.73 +use File::Path;
1.74 +
1.75 +rmtree ("Root1",0,true);
1.76 +rmtree ("Root2",0,true);
1.77 +rmtree ("Root5",0,true);
1.78 +rmtree ("OCSPSigningRoot",0,true);
1.79 +rmtree ("Apache",0,true);
1.80 +rmtree ("Certs",0,true);
1.81 +mkdir "Certs";
1.82 +
1.83 +
1.84 +
1.85 +#############################################################
1.86 +## OCSP Certificates for testing
1.87 +##
1.88 +## There are three roots for testing OCSP, Root1, Root2 and Root5
1.89 +##
1.90 +#############################################################
1.91 +
1.92 +
1.93 +
1.94 +# Root1 ##########################################################################
1.95 +
1.96 +mkcadirs("Root1");
1.97 +$cert_path = "$ENV{'SECURITYSOURCEDIR'}\\testframework\\testcertificates\\certman\\testcertificates";
1.98 +
1.99 +# Generate root cert
1.100 +system("openssl req -extensions NoOCSP_Ext -config openssl.config -x509 -newkey rsa:1024 -keyout Root1\\private\\ca.key.pem -out Root1\\Certs\\ca.pem -subj \"/O=Symbian Software Ltd/CN=Root1-RSA\" -days 3650 -nodes");
1.101 +system("openssl x509 -in $cert_path\\openssl\\Root1\\Certs\\ca.pem -outform DER -out $cert_path\\openssl\\Certs\\Root1-RSA.der");
1.102 +
1.103 +# Generate Expired-R1
1.104 +system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root1\\private\\Expired-R1.key.pem -out Root1\\Expired-R1.req.pem -subj \"/O=Symbian Software Ltd/CN=Expired-R1\" -days 3650 -nodes");
1.105 +system("openssl ca -out $cert_path\\openssl\\Root1\\Certs\\Expired-R1.pem -config openssl.config -name Root1 -in $cert_path\\openssl\\Root1\\Expired-R1.req.pem -batch -startdate 820203120000Z -enddate 820203120001Z");
1.106 +system("openssl x509 -in $cert_path\\openssl\\Root1\\Certs\\Expired-R1.pem -outform DER -out $cert_path\\openssl\\Certs\\Expired-R1.der");
1.107 +
1.108 +# Generate Good-R1
1.109 +system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root1\\private\\Good-R1.key.pem -out $cert_path\\openssl\\Root1\\Good-R1.req.pem -subj \"/O=Symbian Software Ltd/CN=Good-R1\" -days 3650 -nodes");
1.110 +system("openssl ca -config openssl.config -out $cert_path\\openssl\\Root1\\Certs\\Good-R1.pem -name Root1 -in Root1\\Good-R1.req.pem -batch -days 3650");
1.111 +system("openssl x509 -in $cert_path\\openssl\\Root1\\Certs\\Good-R1.pem -outform DER -out $cert_path\\openssl\\Certs\\Good-R1.der");
1.112 +
1.113 +# Generate Revoked-R1
1.114 +system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root1\\private\\Revoked-R1.key.pem -out $cert_path\\openssl\\Root1\\Revoked-R1.req.pem -subj \"/O=Symbian Software Ltd/CN=Revoked-R1\" -days 3650 -nodes");
1.115 +system("openssl ca -out $cert_path\\openssl\\Root1\\Certs\\Revoked-R1.pem -config openssl.config -name Root1 -in $cert_path\\openssl\\Root1\\Revoked-R1.req.pem -batch -days 3650");
1.116 +system("openssl x509 -in $cert_path\\openssl\\Root1\\Certs\\Revoked-R1.pem -outform DER -out $cert_path\\openssl\\Certs\\Revoked-R1.der");
1.117 +system("openssl ca -config openssl.config -name Root1 -revoke $cert_path\\openssl\\Root1\\Certs\\Revoked-R1.pem -crl_reason keyCompromise");
1.118 +
1.119 +# Generate Unknown-R1
1.120 +system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root1\\private\\Unknown-R1.key.pem -out $cert_path\\openssl\\Root1\\Unknown-R1.req.pem -subj \"/O=Symbian Software Ltd/CN=Unknown-R1\" -days 3650 -nodes");
1.121 +system("openssl ca -out $cert_path\\openssl\\Root1\\Certs\\Unknown-R1.pem -config openssl.config -name Root1 -in $cert_path\\openssl\\Root1\\Unknown-R1.req.pem -batch -days 3650");
1.122 +system("openssl x509 -in $cert_path\\openssl\\Root1\\Certs\\Unknown-R1.pem -outform DER -out $cert_path\\openssl\\Certs\\Unknown-R1.der");
1.123 +
1.124 +# remove Unknown-R1 from the CA
1.125 +rename("Root1\\index.txt","Root1\\index.txt.new");
1.126 +head("Root1\\index.txt.new","Root1\\index.txt",3);
1.127 +unlink("Root1\\Certs\\Unknown-R1.pem.pem");
1.128 +unlink("Root1\\index.txt.new");
1.129 +
1.130 +# Generate OCSPSigner-R1
1.131 +system("openssl req -extensions NoOCSP_Ext -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root1\\private\\OCSPSigner-R1.key.pem -out $cert_path\\openssl\\Root1\\OCSPSigner-R1.req.pem -subj \"/O=Symbian Software Ltd/CN=OCSPSigner-R1\" -days 3650 -nodes");
1.132 +system("openssl ca -extensions NoOCSP_Ext -config openssl.config -name $cert_path\\openssl\\Root1 -in $cert_path\\openssl\\Root1\\OCSPSigner-R1.req.pem -batch -days 3650");
1.133 +system("openssl x509 -in $cert_path\\openssl\\Root1\\Certs\\05.pem -outform DER -out $cert_path\\openssl\\Certs\\OCSPSigner-R1.der");
1.134 +
1.135 +
1.136 +# Root2 ##########################################################################
1.137 +
1.138 +mkcadirs("Root2");
1.139 +
1.140 +
1.141 +system("openssl dsaparam -out Root2\\dsaparam.pem 1024");
1.142 +my $keyParams= "-newkey dsa:Root2\\dsaparam.pem";
1.143 +
1.144 +# my $keyParams="-newkey rsa:1024";
1.145 +
1.146 +
1.147 +
1.148 +# Generate root cert
1.149 +system("openssl req -extensions NoOCSP_Ext -config openssl.config -x509 $keyParams -keyout $cert_path\\openssl\\Root2\\private\\ca.key.pem -out $cert_path\\openssl\\Root2\\Certs\\ca.pem -subj \"/O=Symbian Software Ltd/CN=Root2-DSA\" -days 6000 -nodes");
1.150 +system("openssl x509 -in $cert_path\\openssl\\Root2\\Certs\\ca.pem -outform DER -out $cert_path\\openssl\\Certs\\Root2-DSA.der");
1.151 +
1.152 +# Generate Expired-R2
1.153 +system("openssl req -config openssl.config $keyParams -keyout $cert_path\\openssl\\Root2\\private\\Expired-R2.key.pem -out $cert_path\\openssl\\Root2\\Expired-R2.req.pem -subj \"/O=Symbian Software Ltd/CN=Expired-R2\" -days 3650 -nodes");
1.154 +system("openssl ca -config openssl.config -name Root2 -in $cert_path\\openssl\\Root2\\Expired-R2.req.pem -batch -out $cert_path\\openssl\\Root2\\Certs\\Expired-R2.pem -startdate 820203120000Z -enddate 820203120001Z");
1.155 +system("openssl x509 -in Root2\\Certs\\Expired-R2.pem -outform DER -out $cert_path\\openssl\\Certs\\Expired-R2.der");
1.156 +
1.157 +# Generate Good-R2
1.158 +system("openssl req -config openssl.config $keyParams -keyout $cert_path\\openssl\\Root2\\private\\Good-R2.key.pem -out $cert_path\\openssl\\Root2\\Good-R2.req.pem -subj \"/O=Symbian Software Ltd/CN=Good-R2\" -days 3650 -nodes");
1.159 +system("openssl ca -config openssl.config -name Root2 -in $cert_path\\openssl\\Root2\\Good-R2.req.pem -batch -days 3650");
1.160 +system("openssl x509 -in $cert_path\\openssl\\Root2\\Certs\\02.pem -outform DER -out $cert_path\\openssl\\Certs\\Good-R2.der");
1.161 +
1.162 +# Generate Revoked-R2
1.163 +system("openssl req -config openssl.config $keyParams -keyout $cert_path\\openssl\\Root2\\private\\Revoked-R2.key.pem -out $cert_path\\openssl\\Root2\\Revoked-R2.req.pem -subj \"/O=Symbian Software Ltd/CN=Revoked-R2\" -days 3650 -nodes");
1.164 +system("openssl ca -config openssl.config -name $cert_path\\openssl\\Root2 -in $cert_path\\openssl\\Root2\\Revoked-R2.req.pem -batch -days 3650");
1.165 +system("openssl x509 -in $cert_path\\openssl\\Root2\\Certs\\03.pem -outform DER -out $cert_path\\openssl\\Certs\\Revoked-R2.der");
1.166 +system("openssl ca -config openssl.config -name Root2 -revoke Root2\\Certs\\03.pem -crl_reason keyCompromise");
1.167 +
1.168 +# Generate Unknown-R2
1.169 +system("openssl req -config openssl.config $keyParams -keyout $cert_path\\openssl\\Root2\\private\\Unknown-R2.key.pem -out Root2\\Unknown-R2.req.pem -subj \"/O=Symbian Software Ltd/CN=Unknown-R2\" -days 3650 -nodes");
1.170 +system("openssl ca -config openssl.config -name Root2 -in $cert_path\\openssl\\Root2\\Unknown-R2.req.pem -batch -days 3650");
1.171 +system("openssl x509 -in Root2\\Certs\\04.pem -outform DER -out $cert_path\\openssl\\Certs\\Unknown-R2.der");
1.172 +
1.173 +# remove Unknown-R2 from the CA
1.174 +rename("Root2\\index.txt","Root2\\index.txt.new");
1.175 +head("Root2\\index.txt.new","Root2\\index.txt",3);
1.176 +unlink("Root2\\Certs\\04.pem");
1.177 +
1.178 +
1.179 +# Generate OCSPSigner-R2
1.180 +system("openssl req -extensions NoOCSP_Ext -config openssl.config $keyParams -keyout $cert_path\\openssl\\Root2\\private\\OCSPSigner-R2.key.pem -out $cert_path\\openssl\\Root2\\OCSPSigner-R2.req.pem -subj \"/O=Symbian Software Ltd/CN=OCSPSigner-R2\" -days 6000 -nodes");
1.181 +system("openssl ca -extensions NoOCSP_Ext -config openssl.config -name $cert_path\\openssl\\Root2 -in $cert_path\\openssl\\Root2\\OCSPSigner-R2.req.pem -batch -days 6000");
1.182 +system("openssl x509 -in $cert_path\\openssl\\Root2\\Certs\\05.pem -outform DER -out $cert_path\\openssl\\Certs\\OCSPSigner-R2.der");
1.183 +
1.184 +
1.185 +# Root5 ##########################################################################
1.186 +
1.187 +mkcadirs("Root5");
1.188 +
1.189 +# Generate root cert
1.190 +system("openssl req -extensions Root5_Root_Ext -config openssl.config -x509 -newkey rsa:1024 -keyout Root5\\private\\ca.key.pem -out Root5\\Certs\\ca.pem -subj \"/O=Symbian Software Ltd/CN=Root5-RSA\" -days 3650 -nodes");
1.191 +system("openssl x509 -in $cert_path\\openssl\\Root5\\Certs\\ca.pem -outform DER -out $cert_path\\openssl\\Certs\\Root5-RSA.der");
1.192 +
1.193 +# Generate Expired-R5
1.194 +system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root5\\private\\Expired-R5.key.pem -out Root5\\Expired-R5.req.pem -subj \"/O=Symbian Software Ltd/CN=Expired-R5\" -days 3650 -nodes");
1.195 +system("openssl ca -extensions Root5_Ext -config openssl.config -name Root5 -in Root5\\Expired-R5.req.pem -batch -startdate 820203120000Z -enddate 820203120001Z");
1.196 +system("openssl x509 -in Root5\\Certs\\01.pem -outform DER -out $cert_path\\openssl\\Certs\\Expired-R5.der");
1.197 +
1.198 +# Generate Good-R5
1.199 +system("openssl req -config openssl.config -newkey rsa:1024 -keyout Root5\\private\\Good-R5.key.pem -out Root5\\Good-R5.req.pem -subj \"/O=Symbian Software Ltd/CN=Good-R5\" -days 3650 -nodes");
1.200 +system("openssl ca -extensions Root5_Ext -config openssl.config -name Root5 -in Root5\\Good-R5.req.pem -batch -days 3650");
1.201 +system("openssl x509 -in $cert_path\\openssl\\Root5\\Certs\\02.pem -outform DER -out $cert_path\\openssl\\Certs\\Good-R5.der");
1.202 +
1.203 +# Generate Revoked-R5
1.204 +system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root5\\private\\Revoked-R5.key.pem -out $cert_path\\openssl\\Root5\\Revoked-R5.req.pem -subj \"/O=Symbian Software Ltd/CN=Revoked-R5\" -days 3650 -nodes");
1.205 +system("openssl ca -extensions Root5_Ext -config openssl.config -name Root5 -in $cert_path\\openssl\\Root5\\Revoked-R5.req.pem -batch -days 3650");
1.206 +system("openssl x509 -in $cert_path\\openssl\\Root5\\Certs\\03.pem -outform DER -out $cert_path\\openssl\\Certs\\Revoked-R5.der");
1.207 +system("openssl ca -config openssl.config -name Root5 -revoke $cert_path\\openssl\\Root5\\Certs\\03.pem -crl_reason keyCompromise");
1.208 +
1.209 +# Generate Unknown-R5
1.210 +system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root5\\private\\Unknown-R5.key.pem -out $cert_path\\openssl\\Root5\\Unknown-R5.req.pem -subj \"/O=Symbian Software Ltd/CN=Unknown-R5\" -days 3650 -nodes");
1.211 +system("openssl ca -extensions Root5_Ext -config openssl.config -name Root5 -in $cert_path\\openssl\\Root5\\Unknown-R5.req.pem -batch -days 3650");
1.212 +system("openssl x509 -in $cert_path\\openssl\\Root5\\Certs\\04.pem -outform DER -out $cert_path\\openssl\\Certs\\Unknown-R5.der");
1.213 +
1.214 +# remove Unknown-R5 from the CA
1.215 +rename("Root5\\index.txt","Root5\\index.txt.new");
1.216 +head("Root5\\index.txt.new","Root5\\index.txt",3);
1.217 +unlink("$cert_path\\openssl\\Root5\\Certs\\04.pem");
1.218 +
1.219 +
1.220 +# Generate Mid-R5
1.221 +system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root5\\private\\Mid-R5.key.pem -out $cert_path\\openssl\\Root5\\Mid-R5.req.pem -subj \"/O=Symbian Software Ltd/CN=Mid-R5\" -days 3650 -nodes");
1.222 +system("openssl ca -extensions Root5_Mid -config openssl.config -name Root5 -in $cert_path\\openssl\\Root5\\Mid-R5.req.pem -batch -days 3650");
1.223 +system("openssl x509 -in $cert_path\\openssl\\Root5\\Certs\\05.pem -outform DER -out $cert_path\\openssl\\Certs\\Mid-R5.der");
1.224 +
1.225 +use File::Copy;
1.226 +
1.227 +copy("$cert_path\\openssl\\Root5\\private\\ca.key.pem","$cert_path\\openssl\\Root5-Mid\\Private\\Mid-R5.key.pem");
1.228 +copy("$cert_path\\openssl\\Root5\\Certs\\05.pem","$cert_path\\openssl\\Root5-Mid\\Certs\\Mid-R5.pem");
1.229 +
1.230 +system("openssl req -config openssl.config -extensions Root5_Mid_EE -newkey rsa:1024 -keyout $cert_path\\openssl\\Root5\\private\\Good-M5.key.pem -out $cert_path\\openssl\\Root5\\Good-M5.req.pem -subj \"/O=Symbian Software Ltd/CN=Good-M5\" -days 3650 -nodes");
1.231 +system("openssl x509 -extfile Good-M5.extensions -req -in $cert_path\\openssl\\Root5\\Good-M5.req.pem -CA $cert_path\\openssl\\Root5\\certs\\05.pem -CAkey $cert_path\\openssl\\Root5\\private\\Mid-R5.key.pem -out $cert_path\\openssl\\Root5\\private\\Good-M5.cert.pem -CAserial Root5\\serial");
1.232 +system("openssl x509 -in Root5\\private\\Good-M5.cert.pem -outform DER -out $cert_path\\openssl\\Certs\\Good-M5.der");
1.233 +
1.234 +
1.235 +# Generate OCSPSigner-R5
1.236 +system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root5\\private\\OCSPSigner-R5.key.pem -out $cert_path\\openssl\\Root5\\OCSPSigner-R5.req.pem -subj \"/O=Symbian Software Ltd/CN=OCSPSigner-R5\" -days 6000 -nodes");
1.237 +system("openssl ca -extensions NoOCSP_Ext -config openssl.config -name $cert_path\\openssl\\Root5 -in $cert_path\\openssl\\Root5\\OCSPSigner-R5.req.pem -batch -days 6000");
1.238 +system("openssl x509 -in $cert_path\\openssl\\Root5\\Certs\\07.pem -outform DER -out $cert_path\\openssl\\Certs\\OCSPSigner-R5.der");
1.239 +
1.240 +
1.241 +#Generate GoodAIA-R5 cert, server specified in cert extension
1.242 +open(AIAEXT,">GoodAIA-R5.extension");
1.243 +print AIAEXT "authorityInfoAccess = OCSP;URI:$ocspR5addr";
1.244 +close(AIAEXT);
1.245 +
1.246 +system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root5\\private\\GoodAIA-R5.key.pem -out $cert_path\\openssl\\Root5\\GoodAIA-R5.req.pem -subj \"/O=Symbian Software Ltd/CN=GoodAIA-R5\" -days 3650 -nodes");
1.247 +system("openssl ca -extfile GoodAIA-R5.extension -config openssl.config -name Root5 -in $cert_path\\openssl\\Root5\\GoodAIA-R5.req.pem -batch -days 3650");
1.248 +system("openssl x509 -in $cert_path\\openssl\\Root5\\Certs\\08.pem -outform DER -out $cert_path\\openssl\\Certs\\GoodAIA-R5.der");
1.249 +
1.250 +unlink "GoodAIA-R5.extension";
1.251 +
1.252 +
1.253 +# Apache certificate stuff
1.254 +
1.255 +mkdir("Apache");
1.256 +
1.257 +
1.258 +#Generate Apache-R5 cert, certificate used for SSL on apache server
1.259 +system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\Root5\\private\\Apache-R5.key.pem -out Root5\\Apache-R5.req.pem -subj \"/O=Symbian Software Ltd/CN=$apacheaddr\" -days 6000 -nodes");
1.260 +system("openssl ca -config openssl.config -name Root5 -in $cert_path\\openssl\\Root5\\Apache-R5.req.pem -batch -days 6000");
1.261 +system("openssl x509 -in $cert_path\\openssl\\Root5\\Certs\\09.pem -outform DER -out $cert_path\\openssl\\Certs\\Apache-R5.der");
1.262 +
1.263 +copy("Root5\\Certs\\09.pem","$cert_path\\openssl\\Apache\\Apache-R5.pem");
1.264 +copy("Root5\\private\\$cert_path\\openssl\\Apache-R5.key.pem","$cert_path\\openssl\\Apache\\Apache-R5.key.pem");
1.265 +
1.266 +copy("$cert_path\\openssl\\Root5\\Certs\ca.pem","$cert_path\\openssl\\Apache\\Root5-RSA.pem");
1.267 +
1.268 +
1.269 +# OCSPSigningRoot ##########################################################################
1.270 +
1.271 +mkcadirs("OCSPSigningRoot");
1.272 +
1.273 +# Generate root cert
1.274 +system("openssl req -config openssl.config -x509 -newkey rsa:1024 -keyout $cert_path\\openssl\\OCSPSigningRoot\\private\\ca.key.pem -out $cert_path\\openssl\\OCSPSigningRoot\\Certs\\ca.pem -subj \"/O=Symbian Software Ltd/CN=OCSPSigningRoot-RSA\" -days 3650 -nodes");
1.275 +system("openssl x509 -in $cert_path\\openssl\\OCSPSigningRoot\\Certs\\ca.pem -outform DER -out $cert_path\\openssl\\Certs\\OCSPSigningRoot-RSA.der");
1.276 +
1.277 +# Generate Signer-OCSPR
1.278 +system("openssl req -config openssl.config -newkey rsa:1024 -keyout $cert_path\\openssl\\OCSPSigningRoot\\private\\Signer-OCSPR.key.pem -out $cert_path\\openssl\\OCSPSigningRoot\\Signer-OCSPR.req.pem -subj \"/O=Symbian Software Ltd/CN=Signer-OCSPR\" -days 3650 -nodes");
1.279 +system("openssl ca -config openssl.config -name OCSPSigningRoot -in $cert_path\\openssl\\OCSPSigningRoot\\Signer-OCSPR.req.pem -batch -days 3650");
1.280 +system("openssl x509 -in $cert_path\\openssl\\OCSPSigningRoot\\Certs\\01.pem -outform DER -out $cert_path\\openssl\\Certs\\Signer-OCSPR.der");
1.281 +