summaryrefslogtreecommitdiffstats
path: root/scripts/nssdb-subsystem-sign.sh
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/nssdb-subsystem-sign.sh')
-rwxr-xr-xscripts/nssdb-subsystem-sign.sh25
1 files changed, 25 insertions, 0 deletions
diff --git a/scripts/nssdb-subsystem-sign.sh b/scripts/nssdb-subsystem-sign.sh
new file mode 100755
index 0000000..9edf060
--- /dev/null
+++ b/scripts/nssdb-subsystem-sign.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+AKID="`cat nssdb/ca_signing.skid`"
+echo "AKID: ${AKID}"
+
+OCSP="`cat nssdb/ocsp_url`"
+echo "OCSP: ${OCSP}"
+
+echo -e "y\n${AKID}\n\n\n\n2\n7\n${OCSP}\n\n\n\n" | \
+ certutil -C \
+ -d nssdb \
+ -f nssdb/password.txt \
+ -m $RANDOM \
+ -a \
+ -i nssdb/subsystem.csr \
+ -o nssdb/subsystem.crt \
+ -c "ca_signing" \
+ -3 \
+ --extAIA \
+ --keyUsage critical,dataEncipherment,keyEncipherment,digitalSignature,nonRepudiation \
+ --extKeyUsage clientAuth,serverAuth
+
+certutil -A -d nssdb -n "subsystem" -i nssdb/subsystem.crt -t ",,"
+
+openssl x509 -text -noout -in nssdb/subsystem.crt
generated by cgit (git 2.34.1) at 2024-04-20 00:37:33 +0000