It is usually used in conjunction with *Cassiopeia* and *Gigi*.
To generate a root certificate and all intermediate certificates for the years 2017 and 2018, run `./all root 2017 2018`.
+To adjust the settings of the certificates (organization name, domain name, …),
+create a `config` file and set the appropriate variables;
+the `config.example` file documents the available variables.
## Overview of Generating Shell Scripts
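Review bot: The added README sentence says to "create a `config` file" but not what kind of file it is, and the defaults script loads it with `. ./config`, so it is sourced as shell code. Suggest saying that `config` is a bash fragment of `VAR="value"` assignments, that the easiest start is to copy `config.example` and uncomment the lines you need, and that anything else placed in the file is executed whenever the scripts run.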
genKey(){ #subj, internalName
openssl genrsa -out $2.key ${KEYSIZE}
- openssl req -new -key $2.key -out $2.csr -subj "$1/O=Test Environment CA Ltd./OU=Test Environment CAs/C=AU"
+ openssl req -new -key $2.key -out $2.csr -subj "$1/O=$ORGANIZATION/OU=$ORGANIZATIONAL_UNIT/C=$COUNTRY"
}
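Review bot: In the new `-subj` argument of `genKey`, `$ORGANIZATION`, `$ORGANIZATIONAL_UNIT` and `$COUNTRY` are pasted into the subject string unescaped, so a configured value containing `/` (an organization name such as "A/B Ltd.") is parsed by `openssl req` as an additional subject component instead of as part of the name. Suggest validating the variables once after `config` has been loaded (reject `/`, or escape it as `\/`) and failing early with a clear message. While these lines are being touched, quoting `"$2.key"` and `"$2.csr"` would also protect against internal names with spaces.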
printf >&2 'error: no libfaketime found\n'
exit 1 # unfortunately, this will only exit the $() subshell
}
-
--- /dev/null
+# You can adjust the following variables:
+# APPNAME="Your CA name" # used in the Common Name (CN=) of all certificates
+# DOMAIN="example.com" # the main domain of your CA
+# ORGANIZATION="Your Organization Name" # legal name of your organization, the O= of all certificates
+# ORGANIZATIONAL_UNIT="Your Organizational Unit" # name of your organizational unit, the OU= of all certificates
+# COUNTRY="AT" # the country of your organization, the C= of all certificates
+# KEYSIZE=4096 # default is probably fine
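Review bot: The comment on `COUNTRY` should state that the value must be a two-letter ISO 3166 country code, since it goes straight into `C=` and OpenSSL rejects longer values; "the country of your organization" invites entries like "Austria". The `KEYSIZE` comment ("default is probably fine") also gives the reader nothing to decide with; suggest saying that it is the RSA key size in bits passed to `openssl genrsa`.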
# Generate the super Root CA
-genca "/CN=Gigi testCA" root
+genca "/CN=$APPNAME Root Certificate" root
#echo openssl x509 -req $ROOT_VALIDITY -in root.ca/key.csr -signkey root.ca/key.key -out root.ca/key.crt -extfile ca.cnf
rootSign root
# generate the various sub-CAs
for ca in "${STRUCT_CAS[@]}"; do
. ../CAs/$ca
- genca "/CN=$name" $ca
+ genca "/CN=$APPNAME $name Intermediate Certificate" $ca
rootSign $ca
done
rm ca.cnf subca.cnf
-
-
-
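Review bot: The sub-CA common name built in the loop, `"/CN=$APPNAME $name Intermediate Certificate"`, now combines two variables with a fixed suffix, and OpenSSL limits the commonName to 64 characters. A long `APPNAME` from `config` would make `genca` fail inside the loop, after the root has already been generated and signed by `rootSign root`. Suggest checking the length of the composed CN for the root and for every entry of `STRUCT_CAS` before generating anything, or documenting the maximum `APPNAME` length in `config.example`.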
#!/bin/bash
+APPNAME="SomeCA"
DOMAIN="wpia.local"
+ORGANIZATION="Test Environment CA Ltd."
+ORGANIZATIONAL_UNIT="Test Environment CAs"
+COUNTRY="AT"
KEYSIZE=4096
-PRIVATEPW="changeit"
[ -f config ] && . ./config
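Review bot: The new default `COUNTRY="AT"` changes the subject of certificates generated without a `config` file: the hard-coded subject removed from `genKey` used `C=AU`, while the `ORGANIZATION` and `ORGANIZATIONAL_UNIT` defaults keep the old values. If the switch is intended, say so in the commit message; otherwise default to `AU` so that existing test setups keep producing the same subjects. The removal of `PRIVATEPW` is not explained in the visible lines either, so please confirm that no remaining script still reads it.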