]>
Commit | Line | Data |
---|---|---|
84783517 VD |
1 | #! /bin/sh |
2 | ||
3 | # Primary root: root-cert | |
4 | # root certs variants: CA:false, key2, DN2 | |
0daccd4d | 5 | # trust variants: +serverAuth -serverAuth +clientAuth +anyEKU -anyEKU |
84783517 VD |
6 | # |
7 | ./mkcert.sh genroot "Root CA" root-key root-cert | |
8 | ./mkcert.sh genss "Root CA" root-key root-nonca | |
9 | ./mkcert.sh genroot "Root CA" root-key2 root-cert2 | |
10 | ./mkcert.sh genroot "Root Cert 2" root-key root-name2 | |
11 | # | |
12 | openssl x509 -in root-cert.pem -trustout \ | |
13 | -addtrust serverAuth -out root+serverAuth.pem | |
14 | openssl x509 -in root-cert.pem -trustout \ | |
15 | -addreject serverAuth -out root-serverAuth.pem | |
16 | openssl x509 -in root-cert.pem -trustout \ | |
17 | -addtrust clientAuth -out root+clientAuth.pem | |
0daccd4d VD |
18 | openssl x509 -in root-cert.pem -trustout \ |
19 | -addreject anyExtendedKeyUsage -out root-anyEKU.pem | |
20 | openssl x509 -in root-cert.pem -trustout \ | |
21 | -addtrust anyExtendedKeyUsage -out root+anyEKU.pem | |
22 | openssl x509 -in root-cert2.pem -trustout \ | |
23 | -addtrust serverAuth -out root2+serverAuth.pem | |
24 | openssl x509 -in root-cert2.pem -trustout \ | |
25 | -addreject serverAuth -out root2-serverAuth.pem | |
26 | openssl x509 -in root-cert2.pem -trustout \ | |
27 | -addtrust clientAuth -out root2+clientAuth.pem | |
84783517 VD |
28 | |
29 | # Primary intermediate ca: ca-cert | |
30 | # ca variants: CA:false, key2, DN2, issuer2, expired | |
31 | # trust variants: +serverAuth, -serverAuth, +clientAuth | |
32 | # | |
33 | ./mkcert.sh genca "CA" ca-key ca-cert root-key root-cert | |
34 | ./mkcert.sh genee "CA" ca-key ca-nonca root-key root-cert | |
35 | ./mkcert.sh genca "CA" ca-key2 ca-cert2 root-key root-cert | |
36 | ./mkcert.sh genca "CA2" ca-key ca-name2 root-key root-cert | |
37 | ./mkcert.sh genca "CA" ca-key ca-root2 root-key2 root-cert2 | |
38 | ./mkcert.sh genca "CA" ca-key ca-expired root-key root-cert -days -1 | |
39 | # | |
40 | openssl x509 -in ca-cert.pem -trustout \ | |
41 | -addtrust serverAuth -out ca+serverAuth.pem | |
42 | openssl x509 -in ca-cert.pem -trustout \ | |
43 | -addreject serverAuth -out ca-serverAuth.pem | |
44 | openssl x509 -in ca-cert.pem -trustout \ | |
45 | -addtrust clientAuth -out ca+clientAuth.pem | |
46 | ||
47 | # Primary leaf cert: ee-cert | |
48 | # ee variants: expired, issuer-key2, issuer-name2 | |
49 | # trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth | |
50 | # purpose variants: client | |
51 | # | |
52 | ./mkcert.sh genee server.example ee-key ee-cert ca-key ca-cert | |
53 | ./mkcert.sh genee server.example ee-key ee-expired ca-key ca-cert -days -1 | |
54 | ./mkcert.sh genee server.example ee-key ee-cert2 ca-key2 ca-cert2 | |
55 | ./mkcert.sh genee server.example ee-key ee-name2 ca-key ca-name2 | |
56 | ./mkcert.sh genee -p clientAuth server.example ee-key ee-client ca-key ca-cert | |
57 | # | |
58 | openssl x509 -in ee-cert.pem -trustout \ | |
59 | -addtrust serverAuth -out ee+serverAuth.pem | |
60 | openssl x509 -in ee-cert.pem -trustout \ | |
61 | -addreject serverAuth -out ee-serverAuth.pem | |
62 | openssl x509 -in ee-client.pem -trustout \ | |
63 | -addtrust clientAuth -out ee+clientAuth.pem | |
64 | openssl x509 -in ee-client.pem -trustout \ | |
65 | -addreject clientAuth -out ee-clientAuth.pem |