Diffstat (limited to 'scripts/selfsign-create.sh')
-rwxr-xr-xscripts/selfsign-create.sh69
1 files changed, 69 insertions, 0 deletions
diff --git a/scripts/selfsign-create.sh b/scripts/selfsign-create.sh
new file mode 100755
index 0000000..55c65c3
--- /dev/null
+++ b/scripts/selfsign-create.sh
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+rm -rf nssdb
+mkdir nssdb
+echo Secret123 > nssdb/password.txt
+certutil -N -d nssdb -f nssdb/password.txt
+openssl rand -out nssdb/noise.bin 2048
+
+certutil -R \
+ -d nssdb \
+ -f nssdb/password.txt \
+ -s "CN=CA Signing Certificate,O=EXAMPLE" \
+ -z nssdb/noise.bin \
+ -o nssdb/ca.csr.der
+
+BtoA nssdb/ca.csr.der nssdb/ca.csr.pem
+echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > nssdb/ca.csr
+cat nssdb/ca.csr.pem >> nssdb/ca.csr
+echo "-----END NEW CERTIFICATE REQUEST-----" >> nssdb/ca.csr
+rm nssdb/ca.csr.der
+rm nssdb/ca.csr.pem
+
+echo -e "0\n1\n5\n6\n9\ny\ny\n\ny\n" | \
+ certutil -C -x \
+ -d nssdb \
+ -f nssdb/password.txt \
+ -a -i nssdb/ca.csr \
+ -c "External CA" \
+ -m $RANDOM \
+ -v 240 \
+ -o nssdb/ca.crt \
+ -1 -2
+
+exit
+
+certutil -S -x \
+ -d nssdb \
+ -n signing \
+ -f nssdb/password.txt \
+ -s "CN=CA Signing Certificate,O=EXAMPLE" \
+ -c "CN=CA Signing Certificate,O=EXAMPLE" \
+ -t "CTu,CTu,CTu" \
+ -z nssdb/noise.bin \
+ -m 1 -v 240 \
+ -1 -2 -3 --extSKID --extAIA \
+ << EOF
+0
+1
+5
+6
+9
+y
+y
+
+y
+y
+2d:7e:83:37:75:5a:fd:0e:8d:52:a3:70:16:93:36:b8:4a:d6:84:9f
+0
+
+
+2d:7e:83:37:75:5a:fd:0e:8d:52:a3:70:16:93:36:b8:4a:d6:84:9f
+
+2
+7
+http://server.example.com:8080/ca/ocsp
+0
+
+
+EOF
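Review bot: The NSS database holding the CA private key is protected by the fixed password `Secret123`, which `echo Secret123 > nssdb/password.txt` writes into a directory created under the caller's default umask, so other local users may be able to read both the password and the key database. If this script is meant for anything beyond a throwaway test setup, add `umask 077` before `mkdir nssdb` and generate the password instead, for example `openssl rand -hex 16 > nssdb/password.txt`. Separately, the shebang is `#!/bin/sh` but the script relies on `echo -e` and an unquoted `-m $RANDOM`; where /bin/sh is not bash, `$RANDOM` expands to nothing and the answers piped into `certutil -C` are likely malformed, so either use `#!/bin/bash` or switch to `printf` with an explicit serial number. No command's exit status is checked, and the bare `exit` makes the `certutil -S` block after it unreachable; a comment stating whether that block is kept on purpose would help the next reader.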