diff options
author | Endi S. Dewata <edewata@redhat.com> | 2017-10-20 21:30:52 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-10-20 21:31:27 +0200 |
commit | 1cbf6fc8c9381f0835530dc0753f7c7af7502d88 (patch) | |
tree | 7c874c3cb422f8719fe49ffbdb67fa0273964bb0 /scripts/nssdb-ca_signing-create.sh | |
parent | a2412da7c00eceb51aa946fcd120ae9441e94e33 (diff) | |
download | pki-dev-1cbf6fc8c9381f0835530dc0753f7c7af7502d88.tar.gz pki-dev-1cbf6fc8c9381f0835530dc0753f7c7af7502d88.tar.xz pki-dev-1cbf6fc8c9381f0835530dc0753f7c7af7502d88.zip |
Added NSSDB scripts.
Diffstat (limited to 'scripts/nssdb-ca_signing-create.sh')
-rwxr-xr-x | scripts/nssdb-ca_signing-create.sh | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/scripts/nssdb-ca_signing-create.sh b/scripts/nssdb-ca_signing-create.sh new file mode 100755 index 0000000..b387aca --- /dev/null +++ b/scripts/nssdb-ca_signing-create.sh @@ -0,0 +1,26 @@ +#!/bin/sh + +SKID="0x`openssl rand -hex 20`" +echo $SKID > nssdb/ca_signing.skid + +OCSP="http://$HOSTNAME:8080/ca/ocsp" +echo $OCSP > nssdb/ocsp_url + +echo -e "y\n\ny\ny\n${SKID}\n\n\n\n${SKID}\n\n2\n7\n${OCSP}\n\n\n\n" | \ + certutil -S \ + -x \ + -d nssdb \ + -f nssdb/password.txt \ + -z nssdb/noise.bin \ + -n "ca_signing" \ + -s "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE" \ + -t "CT,C,C" \ + -m $RANDOM \ + -k rsa \ + -g 2048 \ + -Z SHA256 \ + -2 \ + -3 \ + --extAIA \ + --extSKID \ + --keyUsage critical,certSigning,crlSigning,digitalSignature,nonRepudiation |