4 genKey(){ #subj, internalName
5 openssl genrsa -out $2.key ${KEYSIZE}
6 openssl req -new -key $2.key -out $2.csr -subj "$1/O=Test Environment CA Ltd./OU=Test Environment CAs"
10 genca(){ #subj, internalName
13 genKey "$1" "$2.ca/key"
16 echo 01 > $2.ca/serial
18 echo unique_subject = no >$2.ca/db.attr
22 caSign(){ # csr,ca,config,start,end
25 [[ "$start" != "" ]] && start="-startdate $start"
26 [[ "$end" != "" ]] && end="-enddate $end"
27 [[ "$start" == "" && "$end" == "" ]] && start="$ROOT_VALIDITY"
29 echo "Signing: $BASE/$1 with $2"
31 pushd $2.ca > /dev/null
32 if [[ "$2" == "root" && "$1" == root.* ]]; then
35 signkey="-cert key.crt"
37 openssl ca $signkey -keyfile key.key -in "$BASE/$1.csr" -out "$BASE/$1.crt" -batch -config "$BASE/../selfsign.config" -extfile "$BASE/$3" $start $end