FIX: minor cert structure fixups

[nre.git] / generateKeys.sh

diff --git a/generateKeys.sh b/generateKeys.sh
index 8ddc79ca4a03c12180abc550bcc327f3fd36c9ee..cf0fcad7a2aa7cd83b7652b2dc7617af68943fa6 100755 (executable)
--- a/generateKeys.sh
+++ b/generateKeys.sh
@@ -9,16 +9,22 @@ set -e
 ####### create various extensions files for the various certificate types ######
 cat <<TESTCA > ca.cnf
 basicConstraints = CA:true
-subjectKeyIdentifier = hash
 keyUsage = keyCertSign, cRLSign
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+
 crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/root.crl
 authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/root.crt
 TESTCA
 
 cat <<TESTCA > subca.cnf
 basicConstraints = CA:true
-subjectKeyIdentifier = hash
 keyUsage = keyCertSign, cRLSign
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+
 crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/root.crl
 authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/root.crt
 TESTCA
@@ -31,7 +37,8 @@ rootSign(){ # csr
 
 # Generate the super Root CA
 genca "/CN=Cacert-gigi testCA" root
-openssl x509 -req -days 365 -in root.ca/key.csr -signkey root.ca/key.key -out root.ca/key.crt -extfile ca.cnf
+#echo openssl x509 -req $ROOT_VALIDITY -in root.ca/key.csr -signkey root.ca/key.key -out root.ca/key.crt -extfile ca.cnf
+rootSign root
 
 # generate the various sub-CAs
 for ca in $STRUCT_CAS; do