]> WPIA git - nre.git/blob - generateKeys.sh
projects / nre.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
several fixes on certificate profiles
[nre.git] / generateKeys.sh
1 #!/bin/bash
2 # this script generates a set of sample keys
3 set -e
4
5 . structure
6 . commonFunctions
7
8
9 ####### create various extensions files for the various certificate types ######
10 cat <<TESTCA > ca.cnf
11 basicConstraints = CA:true
12 keyUsage = keyCertSign, cRLSign
13
14 subjectKeyIdentifier = hash
15 authorityKeyIdentifier = keyid:always
16
17 crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/root.crl
18 authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/g2/root.crt
19 TESTCA
20
21 cat <<TESTCA > subca.cnf
22 basicConstraints = CA:true
23 keyUsage = keyCertSign, cRLSign
24
25 subjectKeyIdentifier = hash
26 authorityKeyIdentifier = keyid:always
27
28 crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/root.crl
29 authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/g2/root.crt
30 TESTCA
31
32
33 rootSign(){ # csr
34     caSign "$1.ca/key" root subca.cnf
35 }
36
37
38 # Generate the super Root CA
39 genca "/CN=Cacert-gigi testCA" root
40 #echo openssl x509 -req $ROOT_VALIDITY -in root.ca/key.csr -signkey root.ca/key.key -out root.ca/key.crt -extfile ca.cnf
41 rootSign root
42
43 # generate the various sub-CAs
44 for ca in $STRUCT_CAS; do
45     . CAs/$ca
46     genca "/CN=$name" $ca
47     rootSign $ca
48 done
49
50 rm ca.cnf subca.cnf
51
52
53
WPIA Root Certificate Generation Procedure