]> WPIA git - nre.git/blob - generateKeys.sh
projects / nre.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
upd: generate drop-in-able configs for gigi
[nre.git] / generateKeys.sh
1 #!/bin/bash
2 # this script generates a set of sample keys
3 set -e
4
5 . structure
6 . commonFunctions
7
8 mkdir -p generated
9 cd generated
10
11 ####### create various extensions files for the various certificate types ######
12 cat <<TESTCA > ca.cnf
13 basicConstraints = critical,CA:true
14 keyUsage =critical, keyCertSign, cRLSign
15
16 subjectKeyIdentifier = hash
17 authorityKeyIdentifier = keyid:always
18
19 crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/root.crl
20 authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/root.crt
21 TESTCA
22
23
24 rootSign(){ # csr
25     POLICY=ca.cnf
26     if [[ "$1" != "root" ]] ; then
27         KNAME=$1
28         POLICY=subca.cnf
29         . ../CAs/${KNAME}
30         cat <<TESTCA > subca.cnf
31
32 basicConstraints =critical, CA:true
33 keyUsage =critical, keyCertSign, cRLSign
34
35 subjectKeyIdentifier = hash
36 authorityKeyIdentifier = keyid:always
37
38 crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/root.crl
39 authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/root.crt
40
41 certificatePolicies=@polsect
42
43 [polsect]
44 policyIdentifier = 1.3.6.1.4.1.18506.9.${CPSID}
45 CPS.1="http://g2.cps.${DOMAIN}/g2/${KNAME}.cps"
46
47 TESTCA
48     fi
49     caSign "$1.ca/key" root $POLICY
50 }
51
52
53 # Generate the super Root CA
54 genca "/CN=Cacert-gigi testCA" root
55 #echo openssl x509 -req $ROOT_VALIDITY -in root.ca/key.csr -signkey root.ca/key.key -out root.ca/key.crt -extfile ca.cnf
56 rootSign root
57
58 # generate the various sub-CAs
59 for ca in $STRUCT_CAS; do
60     . ../CAs/$ca
61     genca "/CN=$name" $ca
62     rootSign $ca
63 done
64
65 rm ca.cnf subca.cnf
66
67
68
WPIA Root Certificate Generation Procedure