move generated to own folder + permissions

[nre.git] / generateKeys.sh

diff --git a/generateKeys.sh b/generateKeys.sh
index 353acb15773b3dc47c336b7a2adc9ec154e42174..d5d4750d30cb57d6f43f66f86b418a199395ac7d 100755 (executable)
--- a/generateKeys.sh
+++ b/generateKeys.sh
@@ -5,22 +5,30 @@ set -e
 . structure
 . commonFunctions
 
+mkdir -p generated
+cd generated
 
 ####### create various extensions files for the various certificate types ######
 cat <<TESTCA > ca.cnf
 basicConstraints = CA:true
-subjectKeyIdentifier = hash
 keyUsage = keyCertSign, cRLSign
-crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/root.crl
-authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/root.crt
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+
+crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/root.crl
+authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/root.crt
 TESTCA
 
 cat <<TESTCA > subca.cnf
 basicConstraints = CA:true
-subjectKeyIdentifier = hash
 keyUsage = keyCertSign, cRLSign
-crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/root.crl
-authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/root.crt
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+
+crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/root.crl
+authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/root.crt
 TESTCA
 
 
@@ -36,7 +44,7 @@ rootSign root
 
 # generate the various sub-CAs
 for ca in $STRUCT_CAS; do
-    . CAs/$ca
+    . ../CAs/$ca
     genca "/CN=$name" $ca
     rootSign $ca
 done