@Echo off
rem Save the current PATH so it can be restored on exit
set temp_path=%path%
path %path%;C:\Progra~1\OpenSSL
Echo.
Echo Simple CA utility
Echo Written by Artur Maj (artur.maj@seccure.net)
Echo.
if %1.==genca. goto genca
if %1.==client. goto client
if %1.==server. goto server

:help
Echo Usage:
Echo ca genca - generate CA certificate
Echo ca server - generate and sign server certificate
Echo ca client - generate and sign client certificate
Echo.
goto exit

:genca
if not exist C:\progra~1\OpenSSL\openssl.exe goto ssldoesntexist
if not exist C:\CA goto genca2
Echo Warning!
Echo The content of the C:\CA directory will be removed.
Echo Press CTRL-C to break, or ENTER to continue...
Echo.
pause > nul
Echo Removing C:\CA...
rmdir /S /Q C:\CA > nul
rem deltree /Y C:\CA > nul
goto genca3

:genca2
Echo The script will create the C:\CA directory structure needed by
Echo OpenSSL, and generate CA Certificate.
Echo.
Echo Press CTRL-C to break, or ENTER to continue...
Echo.
pause > nul

:genca3
rem Build the directory layout, index and serial files that "openssl ca" expects
Echo Creating C:\CA...
mkdir C:\CA
Echo Creating C:\CA\certs...
mkdir C:\CA\certs
Echo Creating C:\CA\crl...
mkdir C:\CA\crl
Echo Creating C:\CA\newcerts...
mkdir C:\CA\newcerts
Echo Creating C:\CA\private...
mkdir C:\CA\private
Echo Creating C:\CA\temp...
mkdir C:\CA\temp
Echo Creating CA index file...
copy nul C:\CA\index.txt > nul
Echo Creating CA serial file...
echo 01> C:\CA\serial
Echo.
Echo --------------------------------------------------------------------
Echo Generating the CA's certificate...
Echo --------------------------------------------------------------------
Echo.
rem Self-signed CA certificate; the CA private key is written to C:\CA\private
openssl req -new -x509 -keyout C:\CA\private\CAkey.pem -out C:\CA\CAcert.pem -config c:\progra~1\OpenSSL\openssl.conf
goto exit

:client
if not exist C:\progra~1\OpenSSL\openssl.exe goto ssldoesntexist
if not exist C:\CA\CAcert.pem goto cadoesntexist
if not exist C:\CA\temp\vnc_client goto client2
Echo Warning!
Echo The content of the C:\CA\temp\vnc_client directory will be removed.
Echo Press CTRL-C to break, or ENTER to continue...
pause > nul
rmdir /s /q C:\CA\temp\vnc_client > nul
rem deltree /Y C:\CA\temp\vnc_client > nul

:client2
mkdir C:\CA\temp\vnc_client
Echo --------------------------------------------------------------------
Echo Step 1: Generate the keys and the certificate request
Echo --------------------------------------------------------------------
Echo.
rem -nodes writes the private key unencrypted; restrict access to the key and .pem files
rem rsa:1024 is below the 2048-bit minimum currently recommended for RSA keys
openssl req -nodes -config C:\Progra~1\OpenSSL\openssl.conf -new -newkey rsa:1024 -keyout C:\CA\temp\vnc_client\client.key -out C:\CA\temp\vnc_client\client.req
Echo.
Echo --------------------------------------------------------------------
Echo Step 2: Sign the certificate
Echo --------------------------------------------------------------------
Echo.
openssl ca -config C:\Progra~1\OpenSSL\openssl.conf -policy policy_anything -notext -in C:\CA\temp\vnc_client\client.req -out C:\CA\temp\vnc_client\client.crt
rem Concatenate the private key and the signed certificate into a single PEM file
copy C:\CA\temp\vnc_client\client.key + C:\CA\temp\vnc_client\client.crt C:\CA\temp\vnc_client\client.pem > nul
del /Q C:\CA\temp\vnc_client\client.req
goto exit

:server
if not exist C:\progra~1\OpenSSL\openssl.exe goto ssldoesntexist
if not exist C:\CA\CAcert.pem goto cadoesntexist
if not exist C:\CA\temp\vnc_server goto server2
Echo Warning!
Echo The content of the C:\CA\temp\vnc_server directory will be removed.
Echo Press CTRL-C to break, or ENTER to continue...
pause > nul
rmdir /s /q C:\CA\temp\vnc_server > nul
rem deltree /Y C:\CA\temp\vnc_server > nul

:server2
mkdir C:\CA\temp\vnc_server
Echo --------------------------------------------------------------------
Echo Step 1: Generate the keys and the certificate request
Echo --------------------------------------------------------------------
Echo.
rem -nodes writes the private key unencrypted; restrict access to the key and .pem files
rem rsa:1024 is below the 2048-bit minimum currently recommended for RSA keys
openssl req -nodes -config C:\Progra~1\OpenSSL\openssl.conf -new -newkey rsa:1024 -keyout C:\CA\temp\vnc_server\server.key -out C:\CA\temp\vnc_server\server.req
Echo.
Echo --------------------------------------------------------------------
Echo Step 2: Sign the certificate
Echo --------------------------------------------------------------------
Echo.
openssl ca -config C:\Progra~1\OpenSSL\openssl.conf -policy policy_anything -notext -in C:\CA\temp\vnc_server\server.req -out C:\CA\temp\vnc_server\server.crt
rem Concatenate the private key and the signed certificate into a single PEM file
copy C:\CA\temp\vnc_server\server.key + C:\CA\temp\vnc_server\server.crt C:\CA\temp\vnc_server\server.pem > nul
del /Q C:\CA\temp\vnc_server\server.req
goto exit

:ssldoesntexist
Echo Error while accessing C:\Progra~1\OpenSSL\openssl.exe!
goto exit

:cadoesntexist
Echo CA certificate doesn't exist! Run "ca genca" first.
Echo.
goto exit

:exit
rem Restore the PATH saved at startup
path %temp_path%