#!/bin/sh

certutil -C -x \
 -d ~/.dogtag/nssdb \
 -f password.txt \
 -a -i ca.csr -o ca.crt \
 -c "CN=CA Signing Certificate,O=EXAMPLE" \
 -m $RANDOM \
 -v 240 \
 --keyUsage digitalSignature,nonRepudiation,certSigning,crlSigning,critical \
 -2 \
 -3 \
 --extSKID \
 --extAIA \
<< EOF
y

y
y
2d:7e:83:37:75:5a:fd:0e:8d:52:a3:70:16:93:36:b8:4a:d6:84:9f
0


2d:7e:83:37:75:5a:fd:0e:8d:52:a3:70:16:93:36:b8:4a:d6:84:9f

2
7
http://server.example.com:8080/ca/ocsp
0


EOF

certutil -A -d ~/.dogtag/nssdb -n testcert -i ca.crt -t "CTu,CTu,CTu"