blob: 0ce337d6aa5b155a1d773349f1b1941160871e31 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
#!/bin/sh
AKID="`cat nssdb/ca_signing.skid`"
echo "AKID: ${AKID}"
OCSP="`cat nssdb/ocsp_url`"
echo "OCSP: ${OCSP}"
echo -e "y\n${AKID}\n\n\n\n2\n7\n${OCSP}\n\n\n\n" | \
certutil -C \
-d nssdb \
-f nssdb/password.txt \
-m $RANDOM \
-a \
-i nssdb/kra_storage.csr \
-o nssdb/kra_storage.crt \
-c "ca_signing" \
-3 \
--extAIA \
--keyUsage critical,dataEncipherment,keyEncipherment,digitalSignature,nonRepudiation \
--extKeyUsage clientAuth
certutil -A -d nssdb -n "kra_storage" -i nssdb/kra_storage.crt -t ",,"
openssl x509 -text -noout -in nssdb/kra_storage.crt
|
