2 # this script generates a set of sample keys
9 ####### create various extensions files for the various certificate types ######
11 basicConstraints = CA:true
12 keyUsage = keyCertSign, cRLSign
14 subjectKeyIdentifier = hash
15 authorityKeyIdentifier = keyid:always
17 crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/root.crl
18 authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/root.crt
# Write subca.cnf, the extensions file that the caSign call below passes
# along with the "root" signer.
# The heredoc delimiter is unquoted, so the shell expands ${DOMAIN} when this
# script runs and the file contains the resulting literal URLs.
# The CRL and caIssuers URLs reference root.crl / root.crt under the g2.*
# hosts. They use plain http, which is usual for CRL/OCSP/AIA because the
# fetched objects are signature-checked by the relying party.
# NOTE(review): basicConstraints is not marked critical and carries no
# pathlen. RFC 5280 requires CA certificates to mark it critical, and says
# keyUsage should be critical as well. Probably acceptable for a test
# hierarchy; confirm before reusing this profile elsewhere.
21 cat <<TESTCA > subca.cnf
22 basicConstraints = CA:true
23 keyUsage = keyCertSign, cRLSign
25 subjectKeyIdentifier = hash
26 authorityKeyIdentifier = keyid:always
28 crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/root.crl
29 authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/root.crt
34 caSign "$1.ca/key" root subca.cnf
38 # Generate the super Root CA
# genca is defined outside this excerpt; here it receives the subject DN and
# the name "root". The CN labels this hierarchy as a test CA, matching the
# "sample keys" purpose stated at the top of the script.
39 genca "/CN=Cacert-gigi testCA" root
# Disabled debug line: if enabled it would only print the x509 -req command
# that self-signs the root CSR (-signkey) with extensions taken from ca.cnf.
40 #echo openssl x509 -req $ROOT_VALIDITY -in root.ca/key.csr -signkey root.ca/key.key -out root.ca/key.crt -extfile ca.cnf
43 # generate the various sub-CAs
44 for ca in $STRUCT_CAS; do