$ if f$getsyi("cpu") .ge. 128 then __arch := AXP
$ exe_dir := sys$disk:[-.'__arch'.exe.apps]
$
-$ digest="-mdc2"
+$ digest="-md5"
$ reqcmd := mcr 'exe_dir'openssl req
$ x509cmd := mcr 'exe_dir'openssl x509 'digest'
$ verifycmd := mcr 'exe_dir'openssl verify
+$ dummycnf := sys$disk:[-.apps]openssl-vms.cnf
$
$ CAkey="""keyCA.ss"""
$ CAcert="""certCA.ss"""
$
$ write sys$output ""
$ write sys$output "make a certificate request using 'req'"
-$ 'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' -new ! -out err.ss
+$
+$ set noon
+$ define/user sys$output nla0:
+$ mcr 'exe_dir'openssl no-rsa
+$ save_severity=$SEVERITY
+$ set on
+$ if save_severity
+$ then
+$ req_new="-newkey dsa:[-.apps]dsa512.pem"
+$ else
+$ req_new="-new"
+$ endif
+$
+$ 'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' 'req_new' ! -out err.ss
$ if $severity .ne. 1
$ then
$ write sys$output "error using 'req' to generate a certificate request"
$ exit 3
$ endif
$
-$ 'reqcmd' -verify -in 'CAreq' -noout
+$ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq' -noout
$ if $severity .ne. 1
$ then
$ write sys$output "first generated request is invalid"
$ exit 3
$ endif
$
-$ 'reqcmd' -verify -in 'CAreq2' -noout
+$ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq2' -noout
$ if $severity .ne. 1
$ then
$ write sys$output "second generated request is invalid"
$ write sys$output ""
$ write sys$output "make another certificate request using 'req'"
$ define /user sys$output err.ss
-$ 'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' -new
+$ 'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' 'req_new'
$ if $severity .ne. 1
$ then
$ write sys$output "error using 'req' to generate a certificate request"
$ write sys$output "The generated user certificate is ",Ucert
$ write sys$output "The generated user private key is ",Ukey
$
-$ delete err.ss;*
+$ if f$search("err.ss;*") .nes. "" then delete err.ss;*