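#!/bin/sh
#
# Build a throwaway NSS database in ./nssdb, generate a CA signing
# certificate request in it, and self-sign that request into nssdb/ca.crt.
#
# Requires certutil and BtoA (NSS tools) and openssl on PATH.
#
# Security notes:
#   - The database password below is a fixed sample value that anyone who can
#     read this script knows, so the resulting CA key is only suitable for
#     test environments.
#   - ./nssdb (relative to the current directory) is deleted and recreated on
#     every run.

# Stop at the first failing step instead of carrying on with missing or
# empty intermediate files; treat unset variables as errors.
set -eu

# Keep the password file, noise file and key database private to the caller.
# Without this they are created with the caller's default umask.
umask 077

rm -rf nssdb
mkdir nssdb

# Sample password only; see the security notes above.
printf '%s\n' 'Secret123' > nssdb/password.txt
certutil -N -d nssdb -f nssdb/password.txt
openssl rand -out nssdb/noise.bin 2048

# Generate the key pair and a DER-encoded certificate request.
certutil -R \
  -d nssdb \
  -f nssdb/password.txt \
  -s "CN=CA Signing Certificate,O=EXAMPLE" \
  -z nssdb/noise.bin \
  -o nssdb/ca.csr.der

# Base64-encode the request and wrap it in PEM-style header/footer lines.
BtoA nssdb/ca.csr.der nssdb/ca.csr.pem
{
  echo "-----BEGIN NEW CERTIFICATE REQUEST-----"
  cat nssdb/ca.csr.pem
  echo "-----END NEW CERTIFICATE REQUEST-----"
} > nssdb/ca.csr
rm nssdb/ca.csr.der nssdb/ca.csr.pem

# $RANDOM is not defined by POSIX sh (it expands to nothing under dash, which
# would leave -m without a value), so draw the serial number from the kernel
# RNG instead: an unsigned 16-bit decimal value.
serial=$(od -An -N2 -tu2 /dev/urandom | tr -d ' \n')
if [ -z "$serial" ]; then
  echo "could not generate a certificate serial number" >&2
  exit 1
fi

# Answers for certutil's interactive -1 (key usage) and -2 (basic
# constraints) prompts, one per line. printf replaces `echo -e`, whose
# handling of -e and backslash escapes differs between sh implementations;
# the bytes written are the same, including the final empty line.
# NOTE(review): the menu numbering comes from the installed certutil;
# confirm that these answers still select the intended key usages and CA
# basic constraints.
printf '0\n1\n5\n6\n9\ny\ny\n\ny\n\n' |
  certutil -C -x \
    -d nssdb \
    -f nssdb/password.txt \
    -a -i nssdb/ca.csr \
    -c "External CA" \
    -m "$serial" \
    -v 240 \
    -o nssdb/ca.crt \
    -1 -2

exit

# Everything below is unreachable because of the `exit` above. It appears to
# be kept as a reference for creating the self-signed CA certificate in a
# single certutil -S step, with extra extension prompts (-3, --extSKID,
# --extAIA) answered from the here-document. Note that it uses a fixed serial
# number (-m 1). The here-document lines, including the empty ones, are
# prompt answers and must stay exactly as they are.
certutil -S -x \
 -d nssdb \
 -n signing \
 -f nssdb/password.txt \
 -s "CN=CA Signing Certificate,O=EXAMPLE" \
 -c "CN=CA Signing Certificate,O=EXAMPLE" \
 -t "CTu,CTu,CTu" \
 -z nssdb/noise.bin \
 -m 1 -v 240 \
 -1 -2 -3 --extSKID --extAIA \
 << EOF
0
1
5
6
9
y
y

y
y
2d:7e:83:37:75:5a:fd:0e:8d:52:a3:70:16:93:36:b8:4a:d6:84:9f
0


2d:7e:83:37:75:5a:fd:0e:8d:52:a3:70:16:93:36:b8:4a:d6:84:9f

2
7
http://server.example.com:8080/ca/ocsp
0


EOF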