diff options
| -rwxr-xr-x | scripts/third-party-create.sh | 27 | ||||
| -rwxr-xr-x | scripts/third-party-import.sh | 3 |
2 files changed, 30 insertions, 0 deletions
diff --git a/scripts/third-party-create.sh b/scripts/third-party-create.sh new file mode 100755 index 0000000..a043a5c --- /dev/null +++ b/scripts/third-party-create.sh @@ -0,0 +1,27 @@ +#!/bin/sh + +rm -rf third +mkdir third +echo Secret123 > third/password.txt +certutil -N -d third -f third/password.txt +openssl rand -out third/noise.bin 2048 + +# generate external CA certificate + +echo -e "y\n\ny\n" | \ + certutil -S \ + -d third \ + -f third/password.txt \ + -z third/noise.bin \ + -n "Third-party CA" \ + -s "CN=Third-party CA,O=OTHER" \ + -x \ + -t "CTu,Cu,Cu" \ + -m $RANDOM\ + -2 \ + --keyUsage certSigning \ + --nsCertType sslCA,smimeCA,objectSigningCA + +certutil -L -d third -n "Third-party CA" -a > third-party.crt + +openssl crl2pkcs7 -nocrl -certfile third-party.crt -out third-party.p7b diff --git a/scripts/third-party-import.sh b/scripts/third-party-import.sh new file mode 100755 index 0000000..e552b9e --- /dev/null +++ b/scripts/third-party-import.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +certutil -A -d /var/lib/pki/pki-tomcat/alias -n "Third-party CA" -t "CT,C,C" -i third-party.crt |