diff --git a/sample/sample-keys/gen-sample-keys.sh b/sample/sample-keys/gen-sample-keys.sh index 301cff28..920513a1 100755 --- a/sample/sample-keys/gen-sample-keys.sh +++ b/sample/sample-keys/gen-sample-keys.sh @@ -61,6 +61,22 @@ openssl ca -batch -config openssl.cnf \ openssl ca -config openssl.cnf -revoke sample-ca/client-revoked.crt openssl ca -config openssl.cnf -gencrl -out sample-ca/ca.crl +# Create DSA server and client cert (signed by 'regular' RSA CA) +openssl dsaparam -out sample-ca/dsaparams.pem 2048 + +openssl req -new -newkey dsa:sample-ca/dsaparams.pem -nodes -config openssl.cnf \ + -extensions server \ + -keyout sample-ca/server-dsa.key -out sample-ca/server-dsa.csr \ + -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Server-DSA/emailAddress=me@myhost.mydomain" +openssl ca -batch -config openssl.cnf -extensions server \ + -out sample-ca/server-dsa.crt -in sample-ca/server-dsa.csr + +openssl req -new -newkey dsa:sample-ca/dsaparams.pem -nodes -config openssl.cnf \ + -keyout sample-ca/client-dsa.key -out sample-ca/client-dsa.csr \ + -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Client-DSA/emailAddress=me@myhost.mydomain" +openssl ca -batch -config openssl.cnf \ + -out sample-ca/client-dsa.crt -in sample-ca/client-dsa.csr + # Create EC server and client cert (signed by 'regular' RSA CA) openssl ecparam -out sample-ca/secp256k1.pem -name secp256k1