5 [ "$1" == "" ] && echo "Usage: $0 <year>" && exit 1
12 crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/$year/env-1.crl
13 authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/g2/$year/env-1.crt"
15 cat <<TESTCA > req.cnf
16 basicConstraints = critical,CA:false
17 keyUsage = keyEncipherment, digitalSignature
18 extendedKeyUsage=serverAuth
20 subjectKeyIdentifier = hash
21 authorityKeyIdentifier = keyid:always
25 cat <<TESTCA > reqClient.cnf
26 basicConstraints = critical,CA:false
27 keyUsage = keyEncipherment, digitalSignature
28 extendedKeyUsage=clientAuth
30 subjectKeyIdentifier = hash
31 authorityKeyIdentifier = keyid:always
35 cat <<TESTCA > reqMail.cnf
36 basicConstraints = critical,CA:false
37 keyUsage = keyEncipherment, digitalSignature
38 extendedKeyUsage=emailProtection
40 subjectKeyIdentifier = hash
41 authorityKeyIdentifier = keyid:always
45 genserver(){ #key, subject, config
46 openssl genrsa -out $1.key ${KEYSIZE}
47 openssl req -new -key $1.key -out $1.csr -subj "$2"
48 caSign $1 $year/ca/env_${year}_1 "$3" "${year}${points[1]}" "$((${year} + 2))${points[1]}"
50 openssl pkcs12 -inkey $1.key -in $1.crt -CAfile env.chain.crt -chain -name $1 -export -passout pass:changeit -out $1.pkcs12
56 cat $year/ca/env_${year}_1.ca/key.crt env.ca/key.crt root.ca/key.crt > env.chain.crt
58 # generate environment-keys specific to gigi.
59 # first the server keys
60 genserver $year/keys/www "/CN=www.${DOMAIN}" req.cnf
61 genserver $year/keys/secure "/CN=secure.${DOMAIN}" req.cnf
62 genserver $year/keys/static "/CN=static.${DOMAIN}" req.cnf
63 genserver $year/keys/api "/CN=api.${DOMAIN}" req.cnf
65 # then the email signing key
66 genserver $year/keys/mail "/emailAddress=support@${DOMAIN}" reqMail.cnf
68 # then environment-keys for cassiopeia
69 genserver $year/keys/signer_client "/CN=CAcert signer handler 1" reqClient.cnf
70 genserver $year/keys/signer_server "/CN=CAcert signer 1" req.cnf
72 rm req.cnf reqMail.cnf reqClient.cnf
projects / nre.git / blob