. commonFunctions
CRL="
-crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/$year/env.crl
-authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/$year/env.crt"
+crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/$year/env-1.crl
+authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/$year/env-1.crt"
cat <<TESTCA > req.cnf
basicConstraints = critical,CA:false
keyUsage = keyEncipherment, digitalSignature
extendedKeyUsage=serverAuth
+
subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
+authorityKeyIdentifier = keyid:always
$CRL
TESTCA
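Review bot: The change from `keyid:always,issuer:always` to `keyid:always` in the req.cnf heredoc carries no comment explaining it, and the same edit repeats in the two following end-entity blocks (clientAuth and emailProtection). Presumably the aim is to stop leaf certificates from pinning the issuer's name and serial, which breaks chain building when the CA certificate is re-issued with the same key. If so, a line above the `cat` would record it, e.g. `# AKID carries only the key id so leaf certs stay valid if the issuing CA cert is re-issued with the same key`. Note also that `keyid:always` makes signing fail when the issuing certificate has no subjectKeyIdentifier, so these profiles depend on the CA profiles keeping `subjectKeyIdentifier = hash`.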
basicConstraints = critical,CA:false
keyUsage = keyEncipherment, digitalSignature
extendedKeyUsage=clientAuth
+
subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
+authorityKeyIdentifier = keyid:always
$CRL
TESTCA
basicConstraints = critical,CA:false
keyUsage = keyEncipherment, digitalSignature
extendedKeyUsage=emailProtection
+
subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
+authorityKeyIdentifier = keyid:always
$CRL
TESTCA
####### create various extensions files for the various certificate types ######
cat <<TESTCA > ca.cnf
basicConstraints = CA:true
-subjectKeyIdentifier = hash
keyUsage = keyCertSign, cRLSign
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+
crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/root.crl
authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/root.crt
TESTCA
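Review bot: `basicConstraints = CA:true` and `keyUsage = keyCertSign, cRLSign` in ca.cnf are emitted without `critical`, and the same holds for the subca.cnf and timesubca.cnf blocks further down. RFC 5280 requires basicConstraints to be marked critical in CA certificates, and a non-critical extension may be skipped by a validator that does not process it. Since the commit already reworks these extension blocks, I would change the lines to `basicConstraints = critical,CA:true` and `keyUsage = critical, keyCertSign, cRLSign`. If the per-year sub-CAs are only meant to sign end-entity certificates (not visible from here), adding `pathlen:0` in timesubca.cnf would also bound what a compromised sub-CA key can issue.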
cat <<TESTCA > subca.cnf
basicConstraints = CA:true
-subjectKeyIdentifier = hash
keyUsage = keyCertSign, cRLSign
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+
crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/root.crl
authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/root.crt
TESTCA
genTimeCA(){ #csr,ca to sign with,start,end
cat <<TESTCA > timesubca.cnf
basicConstraints = CA:true
-subjectKeyIdentifier = hash
keyUsage = keyCertSign, cRLSign
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+
crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/$2.crl
authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/$2.crt
TESTCA
STARTDATE="${year}"
-ENDDATE="$((${year} + 2))"
+ENDDATE="$((${year} + 3))"
for i in $TIME_IDX; do
point=${points[${i}]}