2 # this script generates a set of sample keys
9 ####### create various extensions files for the various certificate types ######
11 basicConstraints = CA:true
12 subjectKeyIdentifier = hash
13 keyUsage = keyCertSign, cRLSign
14 crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/root.crl
15 authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/root.crt
18 cat <<TESTCA > subca.cnf
19 basicConstraints = CA:true
20 subjectKeyIdentifier = hash
21 keyUsage = keyCertSign, cRLSign
22 crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/root.crl
23 authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/root.crt
28 caSign "$1.ca/key" root subca.cnf
32 # Generate the super Root CA
33 genca "/CN=Cacert-gigi testCA" root
34 #echo openssl x509 -req $ROOT_VALIDITY -in root.ca/key.csr -signkey root.ca/key.key -out root.ca/key.crt -extfile ca.cnf
37 # generate the various sub-CAs
38 for ca in $STRUCT_CAS; do