|  | $! TESTSS.COM | 
|  | $ | 
|  | $	__arch := VAX | 
|  | $	if f$getsyi("cpu") .ge. 128 then __arch := AXP | 
|  | $	exe_dir := sys$disk:[-.'__arch'.exe.apps] | 
|  | $ | 
|  | $	digest="-md5" | 
|  | $	reqcmd := mcr 'exe_dir'openssl req | 
|  | $	x509cmd := mcr 'exe_dir'openssl x509 'digest' | 
|  | $	verifycmd := mcr 'exe_dir'openssl verify | 
|  | $	dummycnf := sys$disk:[-.apps]openssl-vms.cnf | 
|  | $ | 
|  | $	CAkey="""keyCA.ss""" | 
|  | $	CAcert="""certCA.ss""" | 
|  | $	CAreq="""reqCA.ss""" | 
|  | $	CAconf="""CAss.cnf""" | 
|  | $	CAreq2="""req2CA.ss"""	! temp | 
|  | $ | 
|  | $	Uconf="""Uss.cnf""" | 
|  | $	Ukey="""keyU.ss""" | 
|  | $	Ureq="""reqU.ss""" | 
|  | $	Ucert="""certU.ss""" | 
|  | $ | 
|  | $	write sys$output "" | 
|  | $	write sys$output "make a certificate request using 'req'" | 
|  | $ | 
|  | $	set noon | 
|  | $	define/user sys$output nla0: | 
|  | $	mcr 'exe_dir'openssl no-rsa | 
|  | $	save_severity=$SEVERITY | 
|  | $	set on | 
|  | $	if save_severity | 
|  | $	then | 
|  | $	    req_new="-newkey dsa:[-.apps]dsa512.pem" | 
|  | $	else | 
|  | $	    req_new="-new" | 
|  | $	endif | 
|  | $ | 
|  | $	'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' 'req_new' ! -out err.ss | 
|  | $	if $severity .ne. 1 | 
|  | $	then | 
|  | $		write sys$output "error using 'req' to generate a certificate request" | 
|  | $		exit 3 | 
|  | $	endif | 
|  | $	write sys$output "" | 
|  | $	write sys$output "convert the certificate request into a self signed certificate using 'x509'" | 
|  | $	define /user sys$output err.ss | 
|  | $	'x509cmd' "-CAcreateserial" -in 'CAreq' -days 30 -req -out 'CAcert' -signkey 'CAkey' | 
|  | $	if $severity .ne. 1 | 
|  | $	then | 
|  | $		write sys$output "error using 'x509' to self sign a certificate request" | 
|  | $		exit 3 | 
|  | $	endif | 
|  | $ | 
|  | $	write sys$output "" | 
|  | $	write sys$output "convert a certificate into a certificate request using 'x509'" | 
|  | $	define /user sys$output err.ss | 
|  | $	'x509cmd' -in 'CAcert' -x509toreq -signkey 'CAkey' -out 'CAreq2' | 
|  | $	if $severity .ne. 1 | 
|  | $	then | 
|  | $		write sys$output "error using 'x509' convert a certificate to a certificate request" | 
|  | $		exit 3 | 
|  | $	endif | 
|  | $ | 
|  | $	'reqcmd' -config 'dummycnf' -verify -in 'CAreq' -noout | 
|  | $	if $severity .ne. 1 | 
|  | $	then | 
|  | $		write sys$output "first generated request is invalid" | 
|  | $		exit 3 | 
|  | $	endif | 
|  | $ | 
|  | $	'reqcmd' -config 'dummycnf' -verify -in 'CAreq2' -noout | 
|  | $	if $severity .ne. 1 | 
|  | $	then | 
|  | $		write sys$output "second generated request is invalid" | 
|  | $		exit 3 | 
|  | $	endif | 
|  | $ | 
|  | $	'verifycmd' "-CAfile" 'CAcert' 'CAcert' | 
|  | $	if $severity .ne. 1 | 
|  | $	then | 
|  | $		write sys$output "first generated cert is invalid" | 
|  | $		exit 3 | 
|  | $	endif | 
|  | $ | 
|  | $	write sys$output "" | 
|  | $	write sys$output "make another certificate request using 'req'" | 
|  | $	define /user sys$output err.ss | 
|  | $	'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' 'req_new' | 
|  | $	if $severity .ne. 1 | 
|  | $	then | 
|  | $		write sys$output "error using 'req' to generate a certificate request" | 
|  | $		exit 3 | 
|  | $	endif | 
|  | $ | 
|  | $	write sys$output "" | 
|  | $	write sys$output "sign certificate request with the just created CA via 'x509'" | 
|  | $	define /user sys$output err.ss | 
|  | $	'x509cmd' "-CAcreateserial" -in 'Ureq' -days 30 -req -out 'Ucert' "-CA" 'CAcert' "-CAkey" 'CAkey' | 
|  | $	if $severity .ne. 1 | 
|  | $	then | 
|  | $		write sys$output "error using 'x509' to sign a certificate request" | 
|  | $		exit 3 | 
|  | $	endif | 
|  | $ | 
|  | $	'verifycmd' "-CAfile" 'CAcert' 'Ucert' | 
|  | $	write sys$output "" | 
|  | $	write sys$output "Certificate details" | 
|  | $	'x509cmd' -subject -issuer -startdate -enddate -noout -in 'Ucert' | 
|  | $ | 
|  | $	write sys$output "" | 
|  | $	write sys$output "The generated CA certificate is ",CAcert | 
|  | $	write sys$output "The generated CA private key is ",CAkey | 
|  | $ | 
|  | $	write sys$output "The generated user certificate is ",Ucert | 
|  | $	write sys$output "The generated user private key is ",Ukey | 
|  | $ | 
|  | $	if f$search("err.ss;*") .nes. "" then delete err.ss;* |