2 cd -- "$(dirname -- "$0")"
4 [[ -d demoCA ]] && return
6 openssl req -new -newkey rsa:4096 -nodes -keyout demoCA/ca.key -out demoCA/ca.csr -subj "/CN=signerCA"
9 echo 01 > demoCA/serial
10 echo "unique_subject = no" > demoCA/index.txt.attr
11 openssl ca -config mkcassiopeia-openssl.cnf -create_serial -out demoCA/ca.crt -days 700 -batch -keyfile demoCA/ca.key \
12 -selfsign -policy policy_anything -extensions v3_ca -infiles demoCA/ca.csr
18 [[ -f "$keyName.crt" ]] && return
19 openssl req -new -newkey rsa:4096 -nodes -subj "/CN=$name" -keyout "$keyName.key" -out "$keyName.csr"
20 chmod +r "$keyName.key"
21 openssl ca -config mkcassiopeia-openssl.cnf -days 700 \
22 -batch -extfile <(printf "basicConstraints=critical, CA:FALSE\nkeyUsage=critical, digitalSignature, keyEncipherment, keyAgreement\nextendedKeyUsage=$eku\n") \
23 -policy policy_anything -out "$keyName.crt" -keyfile demoCA/ca.key -cert demoCA/ca.crt -infiles "$keyName.csr"
29 cp -v demoCA/ca.crt files/ca.crt
30 genKey signer-server serverAuth files/signer_server
31 genKey signer-client clientAuth files/signer_client