Diffstat (limited to 'scripts/ca-external-nss-sign.sh')
-rwxr-xr-x | scripts/ca-external-nss-sign.sh | 37 |
1 files changed, 18 insertions, 19 deletions
diff --git a/scripts/ca-external-nss-sign.sh b/scripts/ca-external-nss-sign.sh index f8b4bc9..b67082c 100755 --- a/scripts/ca-external-nss-sign.sh +++ b/scripts/ca-external-nss-sign.sh @@ -1,20 +1,19 @@ #!/bin/sh -rm -rf external -mkdir external -certutil -N -d external -f password.txt -openssl rand -out external/noise.bin 2048 +rm -rf tmp/external +mkdir -p tmp/external +certutil -N -d tmp/external -f password.txt +openssl rand -out tmp/external/noise.bin 2048 echo "## Generating external CA certificate..." -#ROOTCA_SKID="0x847bb8664d7a32f182974ca861fb26867ecb42cd" ROOTCA_SKID="0x`openssl rand -hex 20`" echo -e "y\n\ny\n${ROOTCA_SKID}\n\n" | \ certutil -S \ - -d external \ + -d tmp/external \ -f password.txt \ - -z external/noise.bin \ + -z tmp/external/noise.bin \ -n "External CA" \ -s "CN=External CA,O=EXTERNAL" \ -x \ @@ -24,26 +23,25 @@ echo -e "y\n\ny\n${ROOTCA_SKID}\n\n" | \ --keyUsage digitalSignature,nonRepudiation,certSigning,crlSigning,critical \ --extSKID -# --keyUsage certSigning \ # --nsCertType sslCA,smimeCA,objectSigningCA + echo "## Exporting external CA certificate..." -certutil -L -d external -n "External CA" -a > external.crt +certutil -L -d tmp/external -n "External CA" -a > tmp/external.crt echo "## Signing the CA signing certificate..." -#SUBCA_SKID="0x7d34de0374bcb294d5447479060266a52310e9ce" SUBCA_SKID="0x`openssl rand -hex 20`" SUBCA_OCSP="http://$HOSTNAME:8080/ca/ocsp" echo -e "y\n\ny\ny\n${ROOTCA_SKID}\n\n\n\n${SUBCA_SKID}\n\n2\n7\n${SUBCA_OCSP}\n\n\n\n" | \ certutil -C \ - -d external \ + -d tmp/external \ -f password.txt \ -m $RANDOM \ -a \ - -i ca_signing.csr \ - -o ca_signing.crt \ + -i tmp/ca_signing.csr \ + -o tmp/ca_signing.crt \ -c "External CA" \ --extSKID \ -2 -3 \ 
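Review bot: The setup lines at the top (`rm -rf tmp/external`, `mkdir -p tmp/external`, `certutil -N -d tmp/external`, `openssl rand -out tmp/external/noise.bin 2048`) run unchecked and under whatever umask the caller has, so the directory and the `-z` seed file may be readable by other local users, and a failed step does not stop the script. With `-p` now on `mkdir`, a failed `rm -rf` is also masked: the directory already exists, `mkdir` succeeds, and `certutil -N` is pointed at whatever database was left behind. I would add `umask 077` and `set -e` directly after the shebang. `password.txt` is still read from the current directory rather than from `tmp/`, which looks inconsistent with the rest of the move and deserves a comment if it is intended.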
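Review bot: `-m $RANDOM` and `SUBCA_OCSP="http://$HOSTNAME:8080/ca/ocsp"` in the signing step rely on variables that bash provides, while the script is declared `#!/bin/sh` (the shebang is in the first hunk). Under a POSIX shell where they are unset, the unquoted `$RANDOM` vanishes and `-m` presumably takes the next word (`-a`) as the serial, and the OCSP URL written into the signed CA certificate becomes `http://:8080/ca/ocsp`. `echo -e` has the same portability problem. Either change the shebang to `#!/bin/bash` or make the failure explicit, e.g. `-m "${RANDOM:?}"`. Separately, `$RANDOM` yields only 15 bits, so certificates issued under the same "External CA" subject can collide on serial number across runs; a wider random serial would avoid that.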
@@ -53,15 +51,16 @@ echo -e "y\n\ny\ny\n${ROOTCA_SKID}\n\n\n\n${SUBCA_SKID}\n\n2\n7\n${SUBCA_OCSP}\n echo "## Generating certificate chain..." -certutil -A -d external -n "CA Signing Certificate" -t "CT,C,C" -a -i ca_signing.crt +certutil -A -d tmp/external -n "CA Signing Certificate" -t "CT,C,C" -a -i tmp/ca_signing.crt -openssl crl2pkcs7 -nocrl -certfile external.crt -out cert_chain.p7b -#openssl crl2pkcs7 -nocrl -certfile external.crt -certfile ca_signing.crt -out cert_chain.p7b +openssl crl2pkcs7 -nocrl -certfile tmp/external.crt -out tmp/cert_chain.p7b +#openssl crl2pkcs7 -nocrl -certfile tmp/external.crt -certfile tmp/ca_signing.crt -out tmp/cert_chain.p7b #certutil -C \ -# -d external \ +# -d tmp/external \ # -f password.txt \ # -m $RANDOM \ -# -a -i ca_signing.csr \ -# -o ca_signing.crt \ +# -a \ +# -i tmp/ca_signing.csr \ +# -o tmp/ca_signing.crt \ # -c "External CA" |
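Review bot: `tmp/cert_chain.p7b` is built from `tmp/external.crt` alone, so despite its name it carries only the external root and not the freshly signed `tmp/ca_signing.crt`; the commented-out variant directly below, which this change keeps in sync, includes both. If the single-certificate form is intentional, say so with a comment such as `# chain file holds only the external root; ca_signing.crt is supplied separately`, and drop the commented-out `openssl` and `certutil -C` lines rather than maintaining them. Nothing visible here checks that `certutil -A` imported the signed certificate before the chain is written, so a failed signing step still leaves a chain file behind for the next stage to consume. The commented `certutil -C` block may continue past the end of this hunk.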