summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorErich Eckner <git@eckner.net>2019-09-02 10:13:27 +0200
committerErich Eckner <git@eckner.net>2019-09-02 12:03:10 +0200
commitae6cc296f850009ee4a088cf65ee971d6a501e55 (patch)
treeb87900883a1e00a9f36b347e69a10b7c7481ef8e
parent73f5ef5beff3e2126e259613aa0cee318efd590f (diff)
downloadsimple-pki-ae6cc296f850009ee4a088cf65ee971d6a501e55.tar.xz
website-run-through new
-rw-r--r--website-run-through56
1 files changed, 56 insertions, 0 deletions
diff --git a/website-run-through b/website-run-through
new file mode 100644
index 0000000..b4d2f42
--- /dev/null
+++ b/website-run-through
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+mkdir -p ca/root-ca/private ca/root-ca/db crl certs
+chmod 700 ca/root-ca/private
+
+cp /dev/null ca/root-ca/db/root-ca.db
+cp /dev/null ca/root-ca/db/root-ca.db.attr
+echo 01 > ca/root-ca/db/root-ca.crt.srl
+echo 01 > ca/root-ca/db/root-ca.crl.srl
+
+openssl req -new \
+ -config etc/root-ca.conf \
+ -out ca/root-ca.csr \
+ -keyout ca/root-ca/private/root-ca.key
+
+openssl ca -selfsign \
+ -config etc/root-ca.conf \
+ -in ca/root-ca.csr \
+ -out ca/root-ca.crt \
+ -extensions root_ca_ext
+
+mkdir -p ca/signing-ca/private ca/signing-ca/db crl certs
+chmod 700 ca/signing-ca/private
+
+cp /dev/null ca/signing-ca/db/signing-ca.db
+cp /dev/null ca/signing-ca/db/signing-ca.db.attr
+echo 01 > ca/signing-ca/db/signing-ca.crt.srl
+echo 01 > ca/signing-ca/db/signing-ca.crl.srl
+
+openssl req -new \
+ -config etc/signing-ca.conf \
+ -out ca/signing-ca.csr \
+ -keyout ca/signing-ca/private/signing-ca.key
+
+openssl ca \
+ -config etc/root-ca.conf \
+ -in ca/signing-ca.csr \
+ -out ca/signing-ca.crt \
+ -extensions signing_ca_ext
+
+SAN=DNS:www.simple.org \
+openssl req -new \
+ -config etc/server.conf \
+ -out certs/simple.org.csr \
+ -keyout certs/simple.org.key
+
+openssl ca \
+ -config etc/signing-ca.conf \
+ -in certs/simple.org.csr \
+ -out certs/simple.org.crt \
+ -extensions server_ext
+
+openssl ca \
+ -config etc/signing-ca.conf \
+ -revoke ca/signing-ca/01.pem \
+ -crl_reason superseded