2 # this script generates a set of sample keys
11 ####### create the extension files for the various certificate types ######
13 basicConstraints = critical,CA:true
14 keyUsage =critical, keyCertSign, cRLSign
16 subjectKeyIdentifier = hash
17 authorityKeyIdentifier = keyid:always
19 crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/root.crl
20 authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/root.crt
26 if [[ "$1" != "root" ]] ; then
30 cat <<TESTCA > subca.cnf
32 basicConstraints =critical, CA:true
33 keyUsage =critical, keyCertSign, cRLSign
35 subjectKeyIdentifier = hash
36 authorityKeyIdentifier = keyid:always
38 crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/root.crl
39 authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/root.crt
41 certificatePolicies=@polsect
44 policyIdentifier = 1.3.6.1.4.1.18506.9.2.${CPSID}
45 CPS.1="http://g2.cps.${DOMAIN}/g2/${KNAME}.cps"
49 caSign "$1.ca/key" root $POLICY
53 # Generate the super Root CA
# genca is defined outside this excerpt; it is called here with what looks like
# the subject DN and the CA name "root". The "testCA" CN and the header comment
# ("sample keys") mark everything produced as test material, not a real trust anchor.
# NOTE(review): the disabled command below places the root private key at
# root.ca/key.key -- confirm genca creates it with restrictive permissions and
# that the *.ca directories are kept out of version control.
54 genca "/CN=Cacert-gigi testCA" root
# Disabled debug line: prints (does not run) the openssl command that would
# self-sign the root CSR with its own key (-signkey) using the ca.cnf extensions.
55 #echo openssl x509 -req $ROOT_VALIDITY -in root.ca/key.csr -signkey root.ca/key.key -out root.ca/key.crt -extfile ca.cnf
58 # generate the various sub-CAs
59 for ca in $STRUCT_CAS; do