2 # this script generates a set of sample keys
11 ####### create the extension files for the various certificate types ######
13 basicConstraints = CA:true
14 keyUsage = keyCertSign, cRLSign
16 subjectKeyIdentifier = hash
17 authorityKeyIdentifier = keyid:always
19 crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/root.crl
20 authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/root.crt
# Write subca.cnf, the X.509 extension settings for sub-CA certificates; the
# file is later handed to caSign together with `root`.
# The heredoc delimiter is unquoted, so the shell substitutes ${DOMAIN} while
# the file is written: the CRL, OCSP and caIssuers URLs carry whatever DOMAIN
# holds at that moment (DOMAIN is set outside this excerpt).
# NOTE(review): basicConstraints is written without "critical" and without a
# pathlen, and keyUsage is not marked critical either. RFC 5280 requires CA
# certificates to carry basicConstraints as a critical extension, and with no
# pathlen the chain depth below each sub-CA is unbounded. Confirm this relaxed
# profile is intended for the test keys.
# NOTE(review): the closing TESTCA delimiter is not visible in this excerpt.
23 cat <<TESTCA > subca.cnf
24 basicConstraints = CA:true
25 keyUsage = keyCertSign, cRLSign
27 subjectKeyIdentifier = hash
28 authorityKeyIdentifier = keyid:always
30 crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/root.crl
31 authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/root.crt
36 caSign "$1.ca/key" root subca.cnf
40 # Generate the super Root CA
# genca is defined outside this excerpt; it is called with the subject DN and
# the name `root`. The root.ca/ paths in the disabled line below suggest the
# name selects the output directory -- TODO confirm against genca.
41 genca "/CN=Cacert-gigi testCA" root
# Disabled debug line: if re-enabled it would print, not run, the openssl
# command that self-signs the root CSR with its own key (-signkey) and applies
# the extensions from ca.cnf.
42 #echo openssl x509 -req $ROOT_VALIDITY -in root.ca/key.csr -signkey root.ca/key.key -out root.ca/key.crt -extfile ca.cnf
45 # generate the various sub-CAs
46 for ca in $STRUCT_CAS; do