Diffstat (limited to 'scripts/external-nss3.sh')
-rwxr-xr-x | scripts/external-nss3.sh | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/scripts/external-nss3.sh b/scripts/external-nss3.sh
new file mode 100755
index 0000000..35ac602
--- /dev/null
+++ b/scripts/external-nss3.sh
@@ -0,0 +1,89 @@
+#!/bin/sh
+
+# generate level 1 CA certificate
+
+rm -rf nssdb
+mkdir nssdb
+echo Secret123 > nssdb/password.txt
+certutil -N -d nssdb -f nssdb/password.txt
+openssl rand -out nssdb/noise.bin 2048
+
+echo -e "y\n\ny\n" | \
+ certutil -S \
+ -d nssdb \
+ -f nssdb/password.txt \
+ -z nssdb/noise.bin \
+ -n "Level 1 CA" \
+ -s "CN=CA Signing Certificate,O=LEVEL1" \
+ -x \
+ -t "CTu,Cu,Cu" \
+ -m $RANDOM\
+ -2 \
+ --keyUsage digitalSignature,nonRepudiation,certSigning,crlSigning,critical
+
+certutil -L -d nssdb -n "Level 1 CA" -a > level1.crt
+
+# generate level 2 CA certificate
+
+echo -e "y\n\ny\n" | \
+ certutil -R \
+ -d nssdb \
+ -f nssdb/password.txt \
+ -z nssdb/noise.bin \
+ -s "CN=CA Signing Certificate,O=LEVEL2" \
+ -2 \
+ --keyUsage digitalSignature,nonRepudiation,certSigning,crlSigning,critical \
+ -o level2.csr.der
+
+BtoA level2.csr.der level2.csr.pem
+echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > level2.csr
+cat level2.csr.pem >> level2.csr
+echo "-----END NEW CERTIFICATE REQUEST-----" >> level2.csr
+rm level2.csr.der
+rm level2.csr.pem
+
+echo -e "0\n1\n5\n6\n9\ny\ny\n\ny\n" | \
+ certutil -C \
+ -d nssdb \
+ -f nssdb/password.txt \
+ -m $RANDOM \
+ -a \
+ -i level2.csr \
+ -o level2.crt \
+ -c "Level 1 CA" \
+ -1 -2
+
+certutil -A -d nssdb -n "Level 2 CA" -i level2.crt -t "CTu,Cu,Cu"
+
+# generate level 3 CA certificate
+
+echo -e "y\n\ny\n" | \
+ certutil -R \
+ -d nssdb \
+ -f nssdb/password.txt \
+ -z nssdb/noise.bin \
+ -s "CN=CA Signing Certificate,O=LEVEL3" \
+ -2 \
+ --keyUsage digitalSignature,nonRepudiation,certSigning,crlSigning,critical \
+ -o level3.csr.der
+
+BtoA level3.csr.der level3.csr.pem
+echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > level3.csr
+cat level3.csr.pem >> level3.csr
+echo "-----END NEW CERTIFICATE REQUEST-----" >> level3.csr
+rm level3.csr.der
+rm level3.csr.pem
+
+echo -e "0\n1\n5\n6\n9\ny\ny\n\ny\n" | \
+ certutil -C \
+ -d nssdb \
+ -f nssdb/password.txt \
+ -m $RANDOM \
+ -a \
+ -i level3.csr \
+ -o level3.crt \
+ -c "Level 2 CA" \
+ -1 -2
+
+certutil -A -d nssdb -n "Level 3 CA" -i level3.crt -t "CTu,Cu,Cu"
+
|
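Review bot: The script is declared `#!/bin/sh` but relies on `echo -e` and `$RANDOM`, which are bash features; where /bin/sh is dash, `$RANDOM` expands to nothing so every `-m` loses its serial number, and `echo -e` puts a literal `-e` into the first answer piped to certutil, so the CA and basic-constraints prompts would presumably be answered wrongly. Changing the first line to `#!/bin/bash` (or feeding the answers with `printf 'y\n\ny\n'`) avoids that, and a `set -e` right after it would stop the level 2 and level 3 steps from running on top of a failed certutil call. Separately, `echo Secret123 > nssdb/password.txt` hard-codes the database password and writes it, the noise file and the key database under the default umask; if these CAs are only test fixtures a comment saying so is enough, otherwise add `umask 077` before `mkdir nssdb` and take the password from the caller.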