From 956d5a77ca9f084ca0b14464d0c8037dfd4d28a9 Mon Sep 17 00:00:00 2001 From: Lucas Werkmeister Date: Wed, 22 Mar 2017 19:24:10 +0100 Subject: [PATCH] upd: remove CAcert, generally improve README.md MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Still to do, but not in this commit: extract all remaining strings like “WPIA root” or “Test Environment” into a single file and then document clearly in the README.md which one file should be edited or created to put the correct information in the certificates. Change-Id: Ic1cb0dd1fffc2bf297ab9020fa8713b9efcba868 --- README.md | 48 +++++++++++++++++++++++++++--------------------- generateKeys | 2 +- structure.bash | 2 +- 3 files changed, 29 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index fdbfc2b..17c3852 100644 --- a/README.md +++ b/README.md 
@@ -1,35 +1,41 @@ -# cacert-nre +# NRE -This is the a project that contains scripts to generate CAcerts new ( after 2015 ) root structure. +This project is a collection of shell scripts to generate X.509 certificates suitable for operating a Certificate Authority. +It is usually used in conjunction with *Cassiopeia* and *Gigi*. -You can run the whole generation process for 2015 by invoking `./all root 2015`. +To generate a root certificate and all intermediate certificates for the years 2017 and 2018, run `./all root 2017 2018`. ## Overview of Generating Shell Scripts -The shellscripts that can be invoked (in order of `all`) are: +The shell scripts that can be invoked (in order of `all`) are: -* `clear` remove all previously generated keys -* `generateKeys` generate the root certificate and structure certificates (levels 0 and 1) -* `generateTime 2015` generate the sub-cas for the year 2015 -* `generateInfra 2015` generate the CAcert Infrastructure keys (gigi ssl, gigi smime, signer communication, ...) 
-* `verify 2015` verify all keys for the year 2015 -* (optional) `generateSignerConfig 2015` generate config to be deployed on cassiopeia +* `clear`: remove all previously generated keys +* `generateKeys`: generate the root certificate and structure certificates (levels 0 and 1) +* `generateTime 2017`: generate the sub-cas for one year +* `generateInfra 2017`: generate the CA Infrastructure keys (Gigi TLS, Gigi S/MIME, communication with the signer, …) for one year +* `verify 2017`: verify all keys for one year +* (optional) `generateSignerConfig 2017`: generate config to be deployed on cassiopeia -all these scripts depend on 2 'library-scripts': +All of these scripts depend on 2 “library scripts”: -* `commonFunctions.bash` functions used all over those scripts -* `structure.bash` definitions of what cas and keys exist +* `commonFunctions.bash`: functions used all over those scripts +* `structure.bash`: definitions of which CAs and keys exist ## Other Files and Folders -* `CAs` configuration per structure sub-ca -* `profiles` configuration per certificate profile -* `selfsign.config` config for the CAs maintained by this script-collection internally +* `CAs`: configuration per structure sub-ca +* `profiles`: configuration per certificate profile +* `selfsign.config`: config for the CAs maintained by this script-collection internally ## Generated Files and Folders -* `2015/ca` generated time-based subcas for 2015 -* `2015/keys` generated infrastructure keys for 2015 -* `{root,assured,unassured,...}.ca` root CAs -* `*.ca/key.key` the CAs private key -* `*.ca/key.crt` the CAs certificate +The following files and directories are generated in the `generated/` directory. 
+ +* `2017/ca`: generated time-based sub-certificates for one year +* `2017/keys`: generated infrastructure keys for one year +* `{root,assured,unassured,...}.ca/`: subdirectories for the individual certificates +* `*.ca/key.key`: the certificate’s private key +* `*.ca/key.crt`: the certificate’s certificate + +They are also bundled into several `*.tar.gz` files in the `generated/` directory, +which are used by the `manager/` scripts in the *infra* project. diff --git a/generateKeys b/generateKeys index 321be23..956e4fd 100755 --- a/generateKeys +++ b/generateKeys @@ -51,7 +51,7 @@ TESTCA # Generate the super Root CA -genca "/CN=Cacert-gigi testCA" root +genca "/CN=Gigi testCA" root #echo openssl x509 -req $ROOT_VALIDITY -in root.ca/key.csr -signkey root.ca/key.key -out root.ca/key.crt -extfile ca.cnf rootSign root diff --git a/structure.bash b/structure.bash index ae5eba0..c88e3c6 100644 --- a/structure.bash +++ b/structure.bash @@ -1,5 +1,5 @@ #!/bin/bash -DOMAIN="cacert.org" +DOMAIN="wpia.local" KEYSIZE=4096 PRIVATEPW="changeit" -- 2.39.2
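Review bot: In the README.md hunk, the new "Generated Files and Folders" entries describe `*.ca/key.key` as "the certificate's private key" and `*.ca/key.crt` as "the certificate's certificate", which is circular and hides the fact that these files belong to a CA. Suggest "the CA's private key" and "the CA's certificate", matching the "CAs" wording used for `structure.bash` a few lines earlier. Since the same list now tells readers that everything lands in `generated/` and is bundled into `*.tar.gz` files, it would also help to state that both the directory and the tarballs contain private keys and have to be handled accordingly. The overview list still says "sub-cas" for `generateTime` while the generated-files list says "sub-certificates"; pick one term.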
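Review bot: In the generateKeys hunk, the root subject is still a literal at the call site (`genca "/CN=Gigi testCA" root`), so the next rename means editing this script again. The commit message already lists extracting such strings as a to-do; moving this one into a variable in `structure.bash`, next to `DOMAIN`, would be a small step in that direction and would keep the branding change in one file. The commented-out `#echo openssl x509 -req ...` line in the context below it is dead code and could be dropped while this area is being touched.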
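Review bot: In the structure.bash hunk, the unchanged context directly below the edited `DOMAIN` line still carries `PRIVATEPW="changeit"`, a well-known default value committed to the repository; going by its name it protects the generated private keys, and the improved README does not tell operators to change it. Suggest reading it from the environment and failing when it is unset, for example `PRIVATEPW="${PRIVATEPW:?PRIVATEPW must be set}"`, or at least documenting in README.md that it must be overridden before generating anything other than test certificates. On the changed line itself, `DOMAIN="wpia.local"` uses the `.local` suffix, which is reserved for multicast DNS (RFC 6762) and can resolve unpredictably on hosts running mDNS; if this is meant as a test default, a name under `.test` (RFC 6761) avoids that.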