-genca "/CN=Environment" env
-rootSign env
-genca "/CN=Unassured" unassured
-rootSign unassured
-genca "/CN=Assured" assured
-rootSign assured
-genca "/CN=Codesigning" codesign
-rootSign codesign
-genca "/CN=Orga" orga
-rootSign orga
-genca "/CN=Orga sign" orgaSign
-rootSign orgaSign
-
-genca "/CN=Environment 2015-1" env15_1
-genTimeCA env15_1.ca/key env
-genKey "/CN=Unassured 2015-1" unassured15_1
-genTimeCA unassured15_1 unassured
-
-cat env15_1.ca/key.crt env.ca/key.crt root.ca/key.crt > env.chain.crt
-
-# generate environment-keys specific to gigi.
-# first the server keys
-genserver www "/CN=www.${DOMAIN}" req.cnf
-genserver secure "/CN=secure.${DOMAIN}" req.cnf
-genserver static "/CN=static.${DOMAIN}" req.cnf
-genserver api "/CN=api.${DOMAIN}" req.cnf
-
-# then the email signing key
-genserver mail "/emailAddress=support@${DOMAIN}" reqMail.cnf
-
-# then environment-keys for cassiopeia
-genserver signer_client "/CN=CAcert signer handler 1" reqClient.cnf
-genserver signer_server "/CN=CAcert signer 1" req.cnf
-
-rm ca.cnf subca.cnf req.cnf reqMail.cnf reqClient.cnf
-
-for local in www secure static api signer_client signer_server mail; do
- openssl verify -CAfile root.ca/key.crt -untrusted env.chain.crt $local.crt