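# Argument check: require <year> and accept only a plain four-digit number
# without a leading zero.
# Why: the visible loop further down compares `year` with (( ... )) and uses
# it in key paths and in the certificate CN. Bash arithmetic evaluates a
# variable's contents as an expression, so a non-numeric value must be
# rejected before it gets there. A leading zero would be read as octal.
# NOTE(review): the assignment of `year` is not shown in this listing;
# presumably it is taken from $1. Confirm against the full script.
# The usage text goes to stderr so it cannot be mistaken for script output.
if [[ ! "${1:-}" =~ ^[1-9][0-9]{3}$ ]]; then
  echo "Usage: $0 <year>" >&2
  exit 1
fi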
# genTimeCA <csr> <ca> <start> <end>
# Writes an OpenSSL extension file named timesubca.cnf in the current
# directory, then hands it to caSign together with the four arguments.
#   $1 - csr; forwarded to caSign as its first argument
#   $2 - CA to sign with; forwarded to caSign and also expanded into the
#        CRL (.crl) and caIssuers (.crt) URLs written to the file
#   $3 - start, $4 - end; forwarded to caSign (quoted)
# Also expands DOMAIN, CPSID and KNAME, none of which is set in the visible
# lines. The TESTCA delimiter is unquoted, so the shell substitutes every
# $... inside the here-document at the moment the file is written.
# The extensions written: basicConstraints CA:true and keyUsage
# keyCertSign/cRLSign (both critical), subject/authority key identifiers,
# a CRL distribution point, OCSP and caIssuers access URLs, and a
# certificate policy carrying a CPS URI.
# NOTE(review): this listing omits lines. The closing TESTCA delimiter, the
# section header that @polsect refers to and the function's closing brace
# are not shown, so the function is documented from its visible lines only.
# NOTE(review): basicConstraints has no pathlen in the visible line.
# Confirm whether a path-length limit is wanted for CAs signed here.
# NOTE(review): $1 and $2 reach caSign unquoted, and timesubca.cnf is a
# fixed name in the working directory. Confirm that the arguments never
# contain whitespace and that the script is not run concurrently in one
# directory.
11 genTimeCA(){ #csr,ca to sign with,start,end
14 cat <<TESTCA > timesubca.cnf
15 basicConstraints=critical,CA:true
16 keyUsage=critical,keyCertSign, cRLSign
18 subjectKeyIdentifier = hash
19 authorityKeyIdentifier = keyid:always
21 crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/$2.crl
22 authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/$2.crt
24 certificatePolicies=@polsect
27 policyIdentifier = 1.3.6.1.4.1.18506.9.2.${CPSID}
28 CPS.1="http://g2.cps.${DOMAIN}/g2/${KNAME}.cps"
31 caSign $1 $2 timesubca.cnf "$3" "$4"
38 for i in "${TIME_IDX[@]}"; do
39 nextp=${points[$((${i} + 1))]}
40 # adjustment of year according to RFC 5280 GeneralizedTime (>=2050) and UTCTime (<2050)
41 if (( year >= 2050 )); then
44 yearT=$((year - 2000))
47 point=${yearT}${points[${i}]}
49 if [[ "$nextp" == "" ]]; then
55 if (( eyear >= 2050 )); then
58 eyearT=$((eyear - 2000))
62 epoint=${eyearT}${epoints[${i}]}
64 for ca in "${STRUCT_CAS[@]}"; do
66 genKey "/CN=$name ${year}-${i}" $year/ca/${ca}_${year}_${i}
67 genTimeCA $year/ca/${ca}_${year}_${i} $ca "$point" "$epoint"