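#!/bin/bash
# Builds a throwaway NSS database in ./nssdb, generates a key pair and a
# certificate request for "CN=CA Signing Certificate,O=EXAMPLE", and signs
# that request with certutil -C -x.
#
# bash is required: the serial number comes from $RANDOM, which POSIX sh
# does not define (under a strict /bin/sh it expands to nothing and -m
# would swallow the next option).
#
# Requires: certutil, openssl, BtoA on PATH.
# Outputs:  nssdb/ca.csr (PEM request), nssdb/ca.crt (PEM certificate).
#
# Test fixture only: the database password is a fixed string stored next to
# the key database, and the serial number is a small pseudo-random value.
# Neither is acceptable for a CA whose certificates are trusted anywhere.

# Stop at the first failing step instead of carrying on with a half-built
# database; treat unset variables as errors.
set -eu

# Start from an empty database directory (relative to the current directory).
rm -rf nssdb
mkdir nssdb

# Write the password file with owner-only permissions; the subshell keeps the
# tighter umask from affecting the rest of the script.
(
  umask 077
  printf '%s\n' 'Secret123' > nssdb/password.txt
)
certutil -N -d nssdb -f nssdb/password.txt

# Seed file handed to certutil via -z for key generation.
openssl rand -out nssdb/noise.bin 2048

# Generate the key pair and write the certificate request in binary form.
certutil -R \
  -d nssdb \
  -f nssdb/password.txt \
  -s "CN=CA Signing Certificate,O=EXAMPLE" \
  -z nssdb/noise.bin \
  -o nssdb/ca.csr.der

# Base64-encode the request and wrap it in PEM-style header/footer lines.
BtoA nssdb/ca.csr.der nssdb/ca.csr.pem
{
  printf '%s\n' '-----BEGIN NEW CERTIFICATE REQUEST-----'
  cat nssdb/ca.csr.pem
  printf '%s\n' '-----END NEW CERTIFICATE REQUEST-----'
} > nssdb/ca.csr
rm nssdb/ca.csr.der
rm nssdb/ca.csr.pem

# Sign the request. The piped text answers certutil's interactive prompts for
# -1 (key usage) and -2 (basic constraints): the numeric menu choices, then
# y, y, an empty line, y. printf replaces `echo -e`, whose -e flag is not
# portable; the final \n\n reproduces the extra newline echo appended.
# NOTE(review): -x asks certutil to self-sign, while -c names an
# "External CA" issuer that this script never creates -- confirm which of
# the two is intended.
# NOTE(review): $RANDOM yields at most 15 bits, so serial numbers can repeat
# across runs; fine for a disposable fixture only.
printf '0\n1\n5\n6\n9\ny\ny\n\ny\n\n' |
  certutil -C -x \
    -d nssdb \
    -f nssdb/password.txt \
    -a -i nssdb/ca.csr \
    -c "External CA" \
    -m "$RANDOM" \
    -v 240 \
    -o nssdb/ca.crt \
    -1 -2

# The script ends here. The certutil -S invocation below is never executed.
exit

# Unreachable: creates the self-signed certificate directly in the database
# under the nickname "signing", with fixed serial 1, trust flags
# "CTu,CTu,CTu", and the -3, --extSKID and --extAIA extensions in addition
# to -1 and -2.
# NOTE(review): the answer list is written one answer per line; any answer
# that was meant to be an empty line (the piped answers above contain one)
# is not represented here. Verify against certutil's prompts before
# re-enabling this command.
certutil -S -x \
  -d nssdb \
  -n signing \
  -f nssdb/password.txt \
  -s "CN=CA Signing Certificate,O=EXAMPLE" \
  -c "CN=CA Signing Certificate,O=EXAMPLE" \
  -t "CTu,CTu,CTu" \
  -z nssdb/noise.bin \
  -m 1 -v 240 \
  -1 -2 -3 --extSKID --extAIA \
  << EOF
0
1
5
6
9
y
y
y
y
2d:7e:83:37:75:5a:fd:0e:8d:52:a3:70:16:93:36:b8:4a:d6:84:9f
0
2d:7e:83:37:75:5a:fd:0e:8d:52:a3:70:16:93:36:b8:4a:d6:84:9f
2
7
http://server.example.com:8080/ca/ocsp
0
EOF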