Added NSSDB scripts.

author: Endi S. Dewata <edewata@redhat.com> 2017-10-20 21:30:52 +0200
committer: Endi S. Dewata <edewata@redhat.com> 2017-10-20 21:31:27 +0200
commit: 1cbf6fc8c9381f0835530dc0753f7c7af7502d88 (patch)
tree: 7c874c3cb422f8719fe49ffbdb67fa0273964bb0 /scripts/nssdb-ca_signing-create.sh
parent: a2412da7c00eceb51aa946fcd120ae9441e94e33 (diff)
download: pki-dev-1cbf6fc8c9381f0835530dc0753f7c7af7502d88.tar.gz
pki-dev-1cbf6fc8c9381f0835530dc0753f7c7af7502d88.tar.xz
pki-dev-1cbf6fc8c9381f0835530dc0753f7c7af7502d88.zip
1 files changed, 26 insertions, 0 deletions
diff --git a/scripts/nssdb-ca_signing-create.sh b/scripts/nssdb-ca_signing-create.sh
new file mode 100755
index 0000000..b387aca
--- /dev/null
+++ b/scripts/nssdb-ca_signing-create.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+SKID="0x`openssl rand -hex 20`"
+echo $SKID > nssdb/ca_signing.skid
+
+OCSP="http://$HOSTNAME:8080/ca/ocsp"
+echo $OCSP > nssdb/ocsp_url
+
+echo -e "y\n\ny\ny\n${SKID}\n\n\n\n${SKID}\n\n2\n7\n${OCSP}\n\n\n\n" | \
+ certutil -S \
+ -x \
+ -d nssdb \
+ -f nssdb/password.txt \
+ -z nssdb/noise.bin \
+ -n "ca_signing" \
+ -s "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE" \
+ -t "CT,C,C" \
+ -m $RANDOM \
+ -k rsa \
+ -g 2048 \
+ -Z SHA256 \
+ -2 \
+ -3 \
+ --extAIA \
+ --extSKID \
+ --keyUsage critical,certSigning,crlSigning,digitalSignature,nonRepudiation
author	Endi S. Dewata <edewata@redhat.com>	2017-10-20 21:30:52 +0200
committer	Endi S. Dewata <edewata@redhat.com>	2017-10-20 21:31:27 +0200
commit	1cbf6fc8c9381f0835530dc0753f7c7af7502d88 (patch)
tree	7c874c3cb422f8719fe49ffbdb67fa0273964bb0 /scripts/nssdb-ca_signing-create.sh
parent	a2412da7c00eceb51aa946fcd120ae9441e94e33 (diff)
download	pki-dev-1cbf6fc8c9381f0835530dc0753f7c7af7502d88.tar.gz pki-dev-1cbf6fc8c9381f0835530dc0753f7c7af7502d88.tar.xz pki-dev-1cbf6fc8c9381f0835530dc0753f7c7af7502d88.zip