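#!/bin/sh
# Builds a throwaway NSS database in ./nssdb, generates a CA signing key and
# certificate request in it, and self-signs that request into nssdb/ca.crt.
#
# Test-fixture only: the database password is a fixed sample value stored in
# clear text next to the key database, and the certificate serial number is a
# small random integer. Do not reuse the resulting key material outside a lab.
#
# Requires: certutil (NSS tools), openssl, BtoA.

# Stop at the first failing step instead of carrying on with a half-built
# database, and treat unset variables as errors.
set -eu

# The password file and the private-key database are created below; keep them
# unreadable for other local users.
umask 077

# Start from a clean database directory (relative to the current directory).
rm -rf nssdb
mkdir nssdb
printf '%s\n' 'Secret123' > nssdb/password.txt
certutil -N -d nssdb -f nssdb/password.txt

# Random seed data handed to certutil for key generation (-z).
openssl rand -out nssdb/noise.bin 2048

# Generate the key pair and write the certificate request in binary form.
certutil -R \
  -d nssdb \
  -f nssdb/password.txt \
  -s "CN=CA Signing Certificate,O=EXAMPLE" \
  -z nssdb/noise.bin \
  -o nssdb/ca.csr.der

# Base64-encode the request and wrap it in the PEM request header/footer.
BtoA nssdb/ca.csr.der nssdb/ca.csr.pem
{
  echo "-----BEGIN NEW CERTIFICATE REQUEST-----"
  cat nssdb/ca.csr.pem
  echo "-----END NEW CERTIFICATE REQUEST-----"
} > nssdb/ca.csr
rm nssdb/ca.csr.der nssdb/ca.csr.pem

# $RANDOM is not defined by POSIX sh; where /bin/sh is not bash it expands to
# nothing and -m would swallow the next option. Draw a 16-bit serial from the
# kernel RNG instead. A serial this small is acceptable for a test CA only.
serial=$(od -A n -t u2 -N 2 /dev/urandom | tr -dc '0-9')

# Self-sign the request. The piped text answers certutil's interactive
# prompts for -1 (key usage) and -2 (basic constraints): usages 0, 1, 5, 6,
# then 9 to finish, critical = y; CA = y, empty path length, critical = y.
# NOTE(review): prompt order taken from certutil's current behaviour; confirm
# against the installed version.
# printf replaces `echo -e`, which a non-bash /bin/sh prints literally; the
# final extra \n reproduces the newline echo appended.
printf '0\n1\n5\n6\n9\ny\ny\n\ny\n\n' | \
  certutil -C -x \
    -d nssdb \
    -f nssdb/password.txt \
    -a -i nssdb/ca.csr \
    -c "External CA" \
    -m "$serial" \
    -v 240 \
    -o nssdb/ca.crt \
    -1 -2
exit

# NOTE(review): everything below is unreachable because of the `exit` above.
# It appears to be an alternative that creates the self-signed CA certificate
# in a single certutil -S call; it is kept unchanged for reference.
certutil -S -x \
  -d nssdb \
  -n signing \
  -f nssdb/password.txt \
  -s "CN=CA Signing Certificate,O=EXAMPLE" \
  -c "CN=CA Signing Certificate,O=EXAMPLE" \
  -t "CTu,CTu,CTu" \
  -z nssdb/noise.bin \
  -m 1 -v 240 \
  -1 -2 -3 --extSKID --extAIA \
  << EOF
0
1
5
6
9
y
y
y
y
2d:7e:83:37:75:5a:fd:0e:8d:52:a3:70:16:93:36:b8:4a:d6:84:9f
0
2d:7e:83:37:75:5a:fd:0e:8d:52:a3:70:16:93:36:b8:4a:d6:84:9f
2
7
http://server.example.com:8080/ca/ocsp
0
EOF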