author | Endi S. Dewata <edewata@redhat.com> | 2017-07-20 07:58:41 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-07-20 07:58:41 +0200 |
commit | 3f8a742673d3f2aeb006d66ef7ccca89c368eb66 (patch) | |
tree | cfac70fd8c75225a38d1762ceda6ab29616b8738 | |
parent | e95825fb85e60bfa29a3124c37d6aac890a08163 (diff) | |
Added self-signed CA scripts.
-rwxr-xr-x | scripts/selfsign-create.sh | 69 | ||||
-rwxr-xr-x | scripts/selfsign-remove.sh | 3 | ||||
-rwxr-xr-x | scripts/selfsign-request.sh | 29 | ||||
-rwxr-xr-x | scripts/selfsign-show.sh | 3 | ||||
-rwxr-xr-x | scripts/selfsign-sign.sh | 34 |
5 files changed, 138 insertions, 0 deletions
diff --git a/scripts/selfsign-create.sh b/scripts/selfsign-create.sh
new file mode 100755
index 0000000..55c65c3
--- /dev/null
+++ b/scripts/selfsign-create.sh
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+rm -rf nssdb
+mkdir nssdb
+echo Secret123 > nssdb/password.txt
+certutil -N -d nssdb -f nssdb/password.txt
+openssl rand -out nssdb/noise.bin 2048
+
+certutil -R \
+ -d nssdb \
+ -f nssdb/password.txt \
+ -s "CN=CA Signing Certificate,O=EXAMPLE" \
+ -z nssdb/noise.bin \
+ -o nssdb/ca.csr.der
+
+BtoA nssdb/ca.csr.der nssdb/ca.csr.pem
+echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > nssdb/ca.csr
+cat nssdb/ca.csr.pem >> nssdb/ca.csr
+echo "-----END NEW CERTIFICATE REQUEST-----" >> nssdb/ca.csr
+rm nssdb/ca.csr.der
+rm nssdb/ca.csr.pem
+
+echo -e "0\n1\n5\n6\n9\ny\ny\n\ny\n" | \
+ certutil -C -x \
+ -d nssdb \
+ -f nssdb/password.txt \
+ -a -i nssdb/ca.csr \
+ -c "External CA" \
+ -m $RANDOM \
+ -v 240 \
+ -o nssdb/ca.crt \
+ -1 -2
+
+exit
+
+certutil -S -x \
+ -d nssdb \
+ -n signing \
+ -f nssdb/password.txt \
+ -s "CN=CA Signing Certificate,O=EXAMPLE" \
+ -c "CN=CA Signing Certificate,O=EXAMPLE" \
+ -t "CTu,CTu,CTu" \
+ -z nssdb/noise.bin \
+ -m 1 -v 240 \
+ -1 -2 -3 --extSKID --extAIA \
+ << EOF
+0
+1
+5
+6
+9
+y
+y
+
+y
+y
+2d:7e:83:37:75:5a:fd:0e:8d:52:a3:70:16:93:36:b8:4a:d6:84:9f
+0
+
+
+2d:7e:83:37:75:5a:fd:0e:8d:52:a3:70:16:93:36:b8:4a:d6:84:9f
+
+2
+7
+http://server.example.com:8080/ca/ocsp
+0
+
+
+EOF
diff --git a/scripts/selfsign-remove.sh b/scripts/selfsign-remove.sh
new file mode 100755
index 0000000..7c45276
--- /dev/null
+++ b/scripts/selfsign-remove.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+certutil -D -d /root/.dogtag/nssdb -n testcert
diff --git a/scripts/selfsign-request.sh b/scripts/selfsign-request.sh
new file mode 100755
index 0000000..3989e17
--- /dev/null
+++ b/scripts/selfsign-request.sh
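Review bot: The NSS database password in scripts/selfsign-create.sh is the fixed literal `Secret123`, written by `echo Secret123 > nssdb/password.txt` under whatever umask the caller has, so the CA signing key generated a few lines later is protected by a value that is in the repository and sits in a file other local users may be able to read. Setting `umask 077` before `mkdir nssdb` and generating the value with `openssl rand -base64 24 > nssdb/password.txt` (openssl is already used for noise.bin) would address both. The same literal survives in the commented-out block of selfsign-request.sh.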
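Review bot: `-d /root/.dogtag/nssdb` in scripts/selfsign-remove.sh, and again in selfsign-show.sh, does not match the `~/.dogtag/nssdb` database that selfsign-request.sh and selfsign-sign.sh use, so for any user other than root these two scripts look at a different database from the one `testcert` was imported into. Using `-d ~/.dogtag/nssdb` in both keeps the four scripts on the same store.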
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+certutil -R \
+ -d ~/.dogtag/nssdb \
+ -f password.txt \
+ -s "CN=CA Signing Certificate,O=EXAMPLE" \
+ -z noise.bin \
+ -o ca.csr \
+ -a
+
+#rm -rf nssdb
+#mkdir nssdb
+#echo Secret123 > nssdb/password.txt
+#certutil -N -d nssdb -f nssdb/password.txt
+#openssl rand -out nssdb/noise.bin 2048
+
+#certutil -R \
+# -d nssdb \
+# -f nssdb/password.txt \
+# -s "CN=CA Signing Certificate,O=EXAMPLE" \
+# -z nssdb/noise.bin \
+# -o nssdb/ca.csr.der
+
+#BtoA nssdb/ca.csr.der nssdb/ca.csr.pem
+#echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > nssdb/ca.csr
+#cat nssdb/ca.csr.pem >> nssdb/ca.csr
+#echo "-----END NEW CERTIFICATE REQUEST-----" >> nssdb/ca.csr
+#rm nssdb/ca.csr.der
+#rm nssdb/ca.csr.pem
diff --git a/scripts/selfsign-show.sh b/scripts/selfsign-show.sh
new file mode 100755
index 0000000..d0dad2d
--- /dev/null
+++ b/scripts/selfsign-show.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+certutil -L -d /root/.dogtag/nssdb -n testcert
diff --git a/scripts/selfsign-sign.sh b/scripts/selfsign-sign.sh
new file mode 100755
index 0000000..1445175
--- /dev/null
+++ b/scripts/selfsign-sign.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+certutil -C -x \
+ -d ~/.dogtag/nssdb \
+ -f password.txt \
+ -a -i ca.csr -o ca.crt \
+ -c "CN=CA Signing Certificate,O=EXAMPLE" \
+ -m $RANDOM \
+ -v 240 \
+ --keyUsage digitalSignature,nonRepudiation,certSigning,crlSigning,critical \
+ -2 \
+ -3 \
+ --extSKID \
+ --extAIA \
+<< EOF
+y
+
+y
+y
+2d:7e:83:37:75:5a:fd:0e:8d:52:a3:70:16:93:36:b8:4a:d6:84:9f
+0
+
+
+2d:7e:83:37:75:5a:fd:0e:8d:52:a3:70:16:93:36:b8:4a:d6:84:9f
+
+2
+7
+http://server.example.com:8080/ca/ocsp
+0
+
+
+EOF
+
+certutil -A -d ~/.dogtag/nssdb -n testcert -i ca.crt -t "CTu,CTu,CTu" |
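Review bot: scripts/selfsign-request.sh reads `password.txt` and `noise.bin` from the current directory, but no script in this commit creates them there; selfsign-create.sh writes its copies under `nssdb/`. A header comment naming these prerequisites, or a guard such as `[ -r password.txt ] && [ -r noise.bin ] || { echo "missing password.txt or noise.bin" >&2; exit 1; }` before the certutil call, would make the failure obvious. The commented-out block below the command duplicates selfsign-create.sh and could be dropped.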
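Review bot: `-m $RANDOM` in scripts/selfsign-sign.sh (and in the `certutil -C` call of selfsign-create.sh) relies on a bash variable under `#!/bin/sh`; POSIX sh does not define RANDOM, so where /bin/sh is not bash the expansion is empty and `-m` is left without its own argument. Changing the shebang to `#!/bin/bash` in both files covers that, and also the `echo -e` in selfsign-create.sh. Even under bash the serial is only 15 bits wide, so re-issuing under the same issuer name can repeat a serial number; a wider random value or a counter would avoid that.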