authorEndi S. Dewata <edewata@redhat.com>2017-07-20 07:58:41 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-07-20 07:58:41 +0200
commit3f8a742673d3f2aeb006d66ef7ccca89c368eb66 (patch)
treecfac70fd8c75225a38d1762ceda6ab29616b8738
parente95825fb85e60bfa29a3124c37d6aac890a08163 (diff)
Added self-signed CA scripts.
-rwxr-xr-xscripts/selfsign-create.sh69
-rwxr-xr-xscripts/selfsign-remove.sh3
-rwxr-xr-xscripts/selfsign-request.sh29
-rwxr-xr-xscripts/selfsign-show.sh3
-rwxr-xr-xscripts/selfsign-sign.sh34
5 files changed, 138 insertions, 0 deletions
diff --git a/scripts/selfsign-create.sh b/scripts/selfsign-create.sh
new file mode 100755
index 0000000..55c65c3
--- /dev/null
+++ b/scripts/selfsign-create.sh
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+rm -rf nssdb
+mkdir nssdb
+echo Secret123 > nssdb/password.txt
+certutil -N -d nssdb -f nssdb/password.txt
+openssl rand -out nssdb/noise.bin 2048
+
+certutil -R \
+ -d nssdb \
+ -f nssdb/password.txt \
+ -s "CN=CA Signing Certificate,O=EXAMPLE" \
+ -z nssdb/noise.bin \
+ -o nssdb/ca.csr.der
+
+BtoA nssdb/ca.csr.der nssdb/ca.csr.pem
+echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > nssdb/ca.csr
+cat nssdb/ca.csr.pem >> nssdb/ca.csr
+echo "-----END NEW CERTIFICATE REQUEST-----" >> nssdb/ca.csr
+rm nssdb/ca.csr.der
+rm nssdb/ca.csr.pem
+
+echo -e "0\n1\n5\n6\n9\ny\ny\n\ny\n" | \
+ certutil -C -x \
+ -d nssdb \
+ -f nssdb/password.txt \
+ -a -i nssdb/ca.csr \
+ -c "External CA" \
+ -m $RANDOM \
+ -v 240 \
+ -o nssdb/ca.crt \
+ -1 -2
+
+exit
+
+certutil -S -x \
+ -d nssdb \
+ -n signing \
+ -f nssdb/password.txt \
+ -s "CN=CA Signing Certificate,O=EXAMPLE" \
+ -c "CN=CA Signing Certificate,O=EXAMPLE" \
+ -t "CTu,CTu,CTu" \
+ -z nssdb/noise.bin \
+ -m 1 -v 240 \
+ -1 -2 -3 --extSKID --extAIA \
+ << EOF
+0
+1
+5
+6
+9
+y
+y
+
+y
+y
+2d:7e:83:37:75:5a:fd:0e:8d:52:a3:70:16:93:36:b8:4a:d6:84:9f
+0
+
+
+2d:7e:83:37:75:5a:fd:0e:8d:52:a3:70:16:93:36:b8:4a:d6:84:9f
+
+2
+7
+http://server.example.com:8080/ca/ocsp
+0
+
+
+EOF
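Review bot: The unconditional `exit` at L60 means the second `certutil -S` invocation and its here-doc (L62-L95) never run, so the CA certificate written to nssdb/ca.crt carries only the `-1 -2` extensions and the SKID/AKID/AIA block is dead code; either delete it or drop the `exit`. `-m $RANDOM` and `echo -e` are bash features under a `#!/bin/sh` shebang: on a POSIX sh such as dash `$RANDOM` expands to nothing, so `-m` would likely take `-v` as the serial, and `echo -e` prints a literal `-e` into the first prompt answer — change the shebang to `#!/bin/bash`, or use `printf '0\n1\n5\n6\n9\ny\ny\n\ny\n'` and a serial from `od -An -N4 -tu4 /dev/urandom`. A 15-bit `$RANDOM` serial also repeats quickly under the same issuer name, which RFC 5280 forbids. The key-store password is written with `echo Secret123 > nssdb/password.txt` under the caller's umask; even for a dev script a `umask 077` before `mkdir nssdb` (or `chmod 600 nssdb/password.txt`) keeps it from being world-readable.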
diff --git a/scripts/selfsign-remove.sh b/scripts/selfsign-remove.sh
new file mode 100755
index 0000000..7c45276
--- /dev/null
+++ b/scripts/selfsign-remove.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+certutil -D -d /root/.dogtag/nssdb -n testcert
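Review bot: This script deletes `testcert` from the hard-coded `/root/.dogtag/nssdb`, while `selfsign-sign.sh` in the same commit imports it into `~/.dogtag/nssdb`; the two paths only coincide when run as root, so a non-root user would have the removal target a database that is likely not the one the certificate was added to. Use the same `-d ~/.dogtag/nssdb` here (and in selfsign-show.sh) so all four scripts operate on one store.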
diff --git a/scripts/selfsign-request.sh b/scripts/selfsign-request.sh
new file mode 100755
index 0000000..3989e17
--- /dev/null
+++ b/scripts/selfsign-request.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+certutil -R \
+ -d ~/.dogtag/nssdb \
+ -f password.txt \
+ -s "CN=CA Signing Certificate,O=EXAMPLE" \
+ -z noise.bin \
+ -o ca.csr \
+ -a
+
+#rm -rf nssdb
+#mkdir nssdb
+#echo Secret123 > nssdb/password.txt
+#certutil -N -d nssdb -f nssdb/password.txt
+#openssl rand -out nssdb/noise.bin 2048
+
+#certutil -R \
+# -d nssdb \
+# -f nssdb/password.txt \
+# -s "CN=CA Signing Certificate,O=EXAMPLE" \
+# -z nssdb/noise.bin \
+# -o nssdb/ca.csr.der
+
+#BtoA nssdb/ca.csr.der nssdb/ca.csr.pem
+#echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > nssdb/ca.csr
+#cat nssdb/ca.csr.pem >> nssdb/ca.csr
+#echo "-----END NEW CERTIFICATE REQUEST-----" >> nssdb/ca.csr
+#rm nssdb/ca.csr.der
+#rm nssdb/ca.csr.pem
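Review bot: The request reads `-f password.txt` and `-z noise.bin` from the current directory while the database is `~/.dogtag/nssdb` (L114-L117), so the script only works from a directory that already holds those two files, and no live step in this commit creates them — the only place a password or noise file is produced is the commented-out block (L121-L139), which is dead. Either anchor the inputs next to the database (`-f ~/.dogtag/nssdb/password.txt`) and generate the noise first with `openssl rand -out noise.bin 2048`, or document the precondition in a header comment such as `# Run from a directory containing password.txt and noise.bin`. The commented-out copy of selfsign-create.sh should be deleted rather than carried as comments; it already lives in the sibling script.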
diff --git a/scripts/selfsign-show.sh b/scripts/selfsign-show.sh
new file mode 100755
index 0000000..d0dad2d
--- /dev/null
+++ b/scripts/selfsign-show.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+certutil -L -d /root/.dogtag/nssdb -n testcert
diff --git a/scripts/selfsign-sign.sh b/scripts/selfsign-sign.sh
new file mode 100755
index 0000000..1445175
--- /dev/null
+++ b/scripts/selfsign-sign.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+certutil -C -x \
+ -d ~/.dogtag/nssdb \
+ -f password.txt \
+ -a -i ca.csr -o ca.crt \
+ -c "CN=CA Signing Certificate,O=EXAMPLE" \
+ -m $RANDOM \
+ -v 240 \
+ --keyUsage digitalSignature,nonRepudiation,certSigning,crlSigning,critical \
+ -2 \
+ -3 \
+ --extSKID \
+ --extAIA \
+<< EOF
+y
+
+y
+y
+2d:7e:83:37:75:5a:fd:0e:8d:52:a3:70:16:93:36:b8:4a:d6:84:9f
+0
+
+
+2d:7e:83:37:75:5a:fd:0e:8d:52:a3:70:16:93:36:b8:4a:d6:84:9f
+
+2
+7
+http://server.example.com:8080/ca/ocsp
+0
+
+
+EOF
+
+certutil -A -d ~/.dogtag/nssdb -n testcert -i ca.crt -t "CTu,CTu,CTu"
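Review bot: The serial number comes from `-m $RANDOM` (L162), which is a bash-only variable under a `#!/bin/sh` shebang and only 15 bits wide: on a POSIX sh it expands to nothing (so `-m` would likely take `-v` as its value), and even under bash two certificates from this issuer will share a serial after a few hundred runs, which RFC 5280 forbids. Use `#!/bin/bash` and a wider source, e.g. `-m "$(od -An -N4 -tu4 /dev/urandom | tr -d ' ')"`. The hex string answered twice in the here-doc (L174, L178) looks like a fixed key identifier being typed into the AKID and SKID prompts, so every certificate this script produces would carry the same identifier regardless of the key in ca.csr; presumably leaving those answers empty lets certutil derive the identifier from the public key — verify against the certutil prompts before changing the here-doc. The closing `certutil -A ... -t "CTu,CTu,CTu"` imports the self-signed result as a trusted CA for SSL, email and object signing in `~/.dogtag/nssdb`; a comment such as `# trusts the test CA for all purposes in the local NSS DB; undo with selfsign-remove.sh` would make that side effect visible to anyone running it.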