diff options
Diffstat (limited to 'scripts/root-openssl-subca-sign.sh')
-rwxr-xr-x | scripts/root-openssl-subca-sign.sh | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/scripts/root-openssl-subca-sign.sh b/scripts/root-openssl-subca-sign.sh new file mode 100755 index 0000000..693371c --- /dev/null +++ b/scripts/root-openssl-subca-sign.sh @@ -0,0 +1,24 @@ +#!/bin/sh + +mkdir -p tmp + +cat > tmp/ca_signing-ext.cfg << EOF +[ ca_extensions ] + +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always, issuer +basicConstraints = critical, CA:true +keyUsage = critical, digitalSignature, nonRepudiation, keyCertSign, cRLSign +EOF + +openssl x509 -req \ + -CA tmp/root.crt \ + -CAkey tmp/root.key \ + -CAcreateserial \ + -in tmp/ca_signing.csr \ + -out tmp/ca_signing.crt \ + -extfile tmp/ca_signing-ext.cfg \ + -extensions ca_extensions \ + -set_serial 1 + +openssl x509 -text -noout -in tmp/ca_signing.crt |