FIX: minor cert structure fixups

[nre.git] / generateInfra.sh

diff --git a/generateInfra.sh b/generateInfra.sh
index bcad07709f0df2075b34cb75cc080348e21316cf..e6b74fb944dbd8126ad071e20159494595c95eee 100755 (executable)
--- a/generateInfra.sh
+++ b/generateInfra.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 #
 set -e
 
@@ -9,15 +9,16 @@ year=$1
 . commonFunctions
 
 CRL="
-crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/$year/env.crl
-authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/$year/env.crt"
+crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/$year/env-1.crl
+authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/$year/env-1.crt"
 
 cat <<TESTCA > req.cnf
 basicConstraints = critical,CA:false
 keyUsage = keyEncipherment, digitalSignature
 extendedKeyUsage=serverAuth
+
 subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
+authorityKeyIdentifier = keyid:always
 $CRL
 TESTCA
 
@@ -25,8 +26,9 @@ cat <<TESTCA > reqClient.cnf
 basicConstraints = critical,CA:false
 keyUsage = keyEncipherment, digitalSignature
 extendedKeyUsage=clientAuth
+
 subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
+authorityKeyIdentifier = keyid:always
 $CRL
 TESTCA
 
@@ -34,15 +36,16 @@ cat <<TESTCA > reqMail.cnf
 basicConstraints = critical,CA:false
 keyUsage = keyEncipherment, digitalSignature
 extendedKeyUsage=emailProtection
+
 subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
+authorityKeyIdentifier = keyid:always
 $CRL
 TESTCA
 
 genserver(){ #key, subject, config
     openssl genrsa -out $1.key ${KEYSIZE}
     openssl req -new -key $1.key -out $1.csr -subj "$2"
-    caSign $1 $year/ca/env_${year}_1 "$3"
+    caSign $1 $year/ca/env_${year}_1 "$3" "${year}${points[1]}" "$((${year} + 2))${points[1]}"
     
     openssl pkcs12 -inkey $1.key -in $1.crt -CAfile env.chain.crt -chain -name $1 -export -passout pass:changeit -out $1.pkcs12