summaryrefslogtreecommitdiffstats
path: root/scripts/root-openssl-subca-sign.sh
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/root-openssl-subca-sign.sh')
-rwxr-xr-xscripts/root-openssl-subca-sign.sh24
1 files changed, 24 insertions, 0 deletions
diff --git a/scripts/root-openssl-subca-sign.sh b/scripts/root-openssl-subca-sign.sh
new file mode 100755
index 0000000..693371c
--- /dev/null
+++ b/scripts/root-openssl-subca-sign.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+mkdir -p tmp
+
+cat > tmp/ca_signing-ext.cfg << EOF
+[ ca_extensions ]
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always, issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, nonRepudiation, keyCertSign, cRLSign
+EOF
+
+openssl x509 -req \
+ -CA tmp/root.crt \
+ -CAkey tmp/root.key \
+ -CAcreateserial \
+ -in tmp/ca_signing.csr \
+ -out tmp/ca_signing.crt \
+ -extfile tmp/ca_signing-ext.cfg \
+ -extensions ca_extensions \
+ -set_serial 1
+
+openssl x509 -text -noout -in tmp/ca_signing.crt
generated by cgit (git 2.34.1) at 2024-05-04 09:00:32 +0000