X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=generateKeys.sh;h=d5d4750d30cb57d6f43f66f86b418a199395ac7d;hb=21a8fdc3409fbdd05342e95f507d8eab8609c710;hp=27d86a70591482c95a9914cbd1f736f416be9875;hpb=2d5c169f43c88c0abedf60990b1fd622e8261b49;p=nre.git diff --git a/generateKeys.sh b/generateKeys.sh index 27d86a7..d5d4750 100755 --- a/generateKeys.sh +++ b/generateKeys.sh @@ -1,26 +1,34 @@ -#!/bin/sh +#!/bin/bash # this script generates a set of sample keys set -e . structure . commonFunctions +mkdir -p generated +cd generated ####### create various extensions files for the various certificate types ###### cat < ca.cnf basicConstraints = CA:true -subjectKeyIdentifier = hash keyUsage = keyCertSign, cRLSign -crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/root.crl -authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/root.crt + +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always + +crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/root.crl +authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/root.crt TESTCA cat < subca.cnf basicConstraints = CA:true -subjectKeyIdentifier = hash keyUsage = keyCertSign, cRLSign -crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/root.crl -authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/root.crt + +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always + +crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/root.crl +authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/root.crt TESTCA 
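Review bot: The new `${DOMAIN}` references in the `ca.cnf` and `subca.cnf` here-documents are expanded with no check that the variable is set. `set -e` does not catch an unset variable, so an empty value would yield URLs such as `http://g2.crl./g2/root.crl`, which are then baked into the CRL, OCSP and caIssuers fields of every CA certificate generated afterwards. DOMAIN is presumably defined in `structure` or `commonFunctions`, neither of which is visible here; a guard before the first here-document, `: "${DOMAIN:?DOMAIN must be set}"`, would stop the script instead. Separately, `mkdir -p generated` creates the directory that will hold the CA keys under the caller's umask, so unless `genca` restricts permissions itself, a `umask 077` ahead of the `mkdir` would keep the key files private.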
@@ -31,11 +39,12 @@ rootSign(){ # csr # Generate the super Root CA genca "/CN=Cacert-gigi testCA" root -openssl x509 -req -days 365 -in root.ca/key.csr -signkey root.ca/key.key -out root.ca/key.crt -extfile ca.cnf +#echo openssl x509 -req $ROOT_VALIDITY -in root.ca/key.csr -signkey root.ca/key.key -out root.ca/key.crt -extfile ca.cnf +rootSign root # generate the various sub-CAs for ca in $STRUCT_CAS; do - . CAs/$ca + . ../CAs/$ca genca "/CN=$name" $ca rootSign $ca done
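Review bot: The changed line `. ../CAs/$ca` executes a file whose path is built from an unquoted `$ca` and only resolves because of the `cd generated` added in the first hunk. Quoting it as `. "../CAs/$ca"`, and likewise `genca "/CN=$name" "$ca"` and `rootSign "$ca"`, keeps glob characters or a changed IFS from altering which file is sourced and which CA directory is signed. `name` appears to be set by the sourced file, so a CA file that omits it would silently reuse the previous iteration's subject; `unset name` before the source line and `: "${name:?}"` after it would catch that. The commented-out `#echo openssl x509 …` line is leftover debugging and should be dropped, or replaced by a comment stating what validity `rootSign root` applies; the body of `rootSign` lies outside this hunk.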