echo "$EXT" | grep "OCSP" | grep "http://g2.ocsp.${DOMAIN}" > /dev/null || error "OCSP field is wrong for $ca"
done
done
-
-# Verify infra keys
-cat env.ca/key.crt $year/ca/env_${year}_1.ca/key.crt > envChain.crt
-
-for key in $SERVER_KEYS signer_client signer_server; do
- verify ${year}/keys/$key.crt envChain.crt
- verifyExtlist "$(openssl x509 -in "${year}/keys/$key.crt" -noout -text)" critical "X509v3 Extended Key Usage:
-"
-done
-
-rm envChain.crt
-