diff options
author | Erich Eckner <git@eckner.net> | 2019-09-02 10:13:27 +0200 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2019-09-02 12:03:10 +0200 |
commit | ae6cc296f850009ee4a088cf65ee971d6a501e55 (patch) | |
tree | b87900883a1e00a9f36b347e69a10b7c7481ef8e | |
parent | 73f5ef5beff3e2126e259613aa0cee318efd590f (diff) | |
download | simple-pki-ae6cc296f850009ee4a088cf65ee971d6a501e55.tar.xz |
website-run-through new
-rw-r--r-- | website-run-through | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/website-run-through b/website-run-through new file mode 100644 index 0000000..b4d2f42 --- /dev/null +++ b/website-run-through @@ -0,0 +1,56 @@ +#!/bin/bash + +mkdir -p ca/root-ca/private ca/root-ca/db crl certs +chmod 700 ca/root-ca/private + +cp /dev/null ca/root-ca/db/root-ca.db +cp /dev/null ca/root-ca/db/root-ca.db.attr +echo 01 > ca/root-ca/db/root-ca.crt.srl +echo 01 > ca/root-ca/db/root-ca.crl.srl + +openssl req -new \ + -config etc/root-ca.conf \ + -out ca/root-ca.csr \ + -keyout ca/root-ca/private/root-ca.key + +openssl ca -selfsign \ + -config etc/root-ca.conf \ + -in ca/root-ca.csr \ + -out ca/root-ca.crt \ + -extensions root_ca_ext + +mkdir -p ca/signing-ca/private ca/signing-ca/db crl certs +chmod 700 ca/signing-ca/private + +cp /dev/null ca/signing-ca/db/signing-ca.db +cp /dev/null ca/signing-ca/db/signing-ca.db.attr +echo 01 > ca/signing-ca/db/signing-ca.crt.srl +echo 01 > ca/signing-ca/db/signing-ca.crl.srl + +openssl req -new \ + -config etc/signing-ca.conf \ + -out ca/signing-ca.csr \ + -keyout ca/signing-ca/private/signing-ca.key + +openssl ca \ + -config etc/root-ca.conf \ + -in ca/signing-ca.csr \ + -out ca/signing-ca.crt \ + -extensions signing_ca_ext + +SAN=DNS:www.simple.org \ +openssl req -new \ + -config etc/server.conf \ + -out certs/simple.org.csr \ + -keyout certs/simple.org.key + +openssl ca \ + -config etc/signing-ca.conf \ + -in certs/simple.org.csr \ + -out certs/simple.org.crt \ + -extensions server_ext + +openssl ca \ + -config etc/signing-ca.conf \ + -revoke ca/signing-ca/01.pem \ + -crl_reason superseded |