X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=generateInfra.sh;h=012e6b70feb8e63c87c0f5d2d96bdf78351e3815;hb=21a8fdc3409fbdd05342e95f507d8eab8609c710;hp=c6cc9e860986254ad3e5c730e33c643a94791637;hpb=69a024b8652e0f0c5203954f322b79a3f0096446;p=nre.git
diff --git a/generateInfra.sh b/generateInfra.sh
index c6cc9e8..012e6b7 100755
--- a/generateInfra.sh
+++ b/generateInfra.sh
@@ -8,16 +8,19 @@ year=$1
 . structure
 . commonFunctions
 
+cd generated
+
 CRL="
-crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/$year/env.crl
-authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/$year/env.crt"
+crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/$year/env-1.crl
+authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/$year/env-1.crt"
 
 cat < req.cnf
 basicConstraints = critical,CA:false
 keyUsage = keyEncipherment, digitalSignature
 extendedKeyUsage=serverAuth
+
 subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
+authorityKeyIdentifier = keyid:always
 $CRL
 TESTCA
 
@@ -25,8 +28,9 @@ cat < reqClient.cnf
 basicConstraints = critical,CA:false
 keyUsage = keyEncipherment, digitalSignature
 extendedKeyUsage=clientAuth
+
 subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
+authorityKeyIdentifier = keyid:always
 $CRL
 TESTCA
 
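Review bot: In the first hunk the new `crlDistributionPoints` and `authorityInfoAccess` URLs interpolate `${DOMAIN}`, but nothing visible here checks that it is set; it presumably comes from the sourced `structure` or `commonFunctions`, which are outside this diff. An empty value would be baked into every certificate issued from these configs as `http://g2.crl./g2/...`, so relying parties could not fetch the CRL or reach OCSP, and that cannot be corrected without re-issuing. A guard before `CRL="` such as `: "${DOMAIN:?DOMAIN must be set}"` would fail early instead. The added `cd generated` is likewise unchecked, so unless errexit is enabled in the lines above the hunk, a missing directory lets the script write the request configs, private keys and PKCS#12 files into the caller's working directory; `cd generated || exit 1` closes that.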
@@ -34,15 +38,16 @@ cat < reqMail.cnf
 basicConstraints = critical,CA:false
 keyUsage = keyEncipherment, digitalSignature
 extendedKeyUsage=emailProtection
+
 subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
+authorityKeyIdentifier = keyid:always
 $CRL
 TESTCA
 
 genserver(){ #key, subject, config
 openssl genrsa -out $1.key ${KEYSIZE}
 openssl req -new -key $1.key -out $1.csr -subj "$2"
- caSign $1 $year/ca/env_${year}_1 "$3"
+ caSign $1 $year/ca/env_${year}_1 "$3" "${year}${points[1]}" "$((${year} + 2))${points[1]}"
 openssl pkcs12 -inkey $1.key -in $1.crt -CAfile env.chain.crt -chain -name $1 -export -passout pass:changeit -out $1.pkcs12