blob: 693371c91d136b1575a42f25e298408ea9b73e9e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
#!/bin/sh
mkdir -p tmp
cat > tmp/ca_signing-ext.cfg << EOF
[ ca_extensions ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always, issuer
basicConstraints = critical, CA:true
keyUsage = critical, digitalSignature, nonRepudiation, keyCertSign, cRLSign
EOF
openssl x509 -req \
-CA tmp/root.crt \
-CAkey tmp/root.key \
-CAcreateserial \
-in tmp/ca_signing.csr \
-out tmp/ca_signing.crt \
-extfile tmp/ca_signing-ext.cfg \
-extensions ca_extensions \
-set_serial 1
openssl x509 -text -noout -in tmp/ca_signing.crt
|