Adding certificate Profiles to documentation

[nre.git] / generateKeys.sh

diff --git a/generateKeys.sh b/generateKeys.sh
index 27d86a70591482c95a9914cbd1f736f416be9875..4dd87a2bbc1fd16b7bc0e8b15f5c80945625cfef 100755 (executable)
--- a/generateKeys.sh
+++ b/generateKeys.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # this script generates a set of sample keys
 set -e
 
@@ -9,18 +9,24 @@ set -e
 ####### create various extensions files for the various certificate types ######
 cat <<TESTCA > ca.cnf
 basicConstraints = CA:true
-subjectKeyIdentifier = hash
 keyUsage = keyCertSign, cRLSign
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+
 crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/root.crl
-authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/root.crt
+authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/g2/root.crt
 TESTCA
 
 cat <<TESTCA > subca.cnf
 basicConstraints = CA:true
-subjectKeyIdentifier = hash
 keyUsage = keyCertSign, cRLSign
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+
 crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/root.crl
-authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/root.crt
+authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/g2/root.crt
 TESTCA
 
 
@@ -31,7 +37,8 @@ rootSign(){ # csr
 
 # Generate the super Root CA
 genca "/CN=Cacert-gigi testCA" root
-openssl x509 -req -days 365 -in root.ca/key.csr -signkey root.ca/key.key -out root.ca/key.crt -extfile ca.cnf
+#echo openssl x509 -req $ROOT_VALIDITY -in root.ca/key.csr -signkey root.ca/key.key -out root.ca/key.crt -extfile ca.cnf
+rootSign root
 
 # generate the various sub-CAs
 for ca in $STRUCT_CAS; do