author | Rob Austein <sra@hactrn.net> | 2016-08-21 15:40:34 -0400 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2016-08-21 15:40:34 -0400 |
commit | f110c617c706e3a0b21daf29802e44668e202740 (patch) | |
tree | bcf8f0e8fa9f3618215816e4d3d3a2170e3dbd4b /issue-certificates.sh | |
parent | 3c65389a9c1473595ac9a7e315ccde42a0ee008c (diff) |
Split out certificate creation; handle verification properly.
Diffstat (limited to 'issue-certificates.sh')
-rwxr-xr-x | issue-certificates.sh | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/issue-certificates.sh b/issue-certificates.sh
new file mode 100755
index 0000000..39e64d9
--- /dev/null
+++ b/issue-certificates.sh
@@ -0,0 +1,27 @@
+#!/bin/sh -
+
+. ./environment.sh
+
+set -x
+
+openssl req -batch -new -engine pkcs11 -keyform ENGINE -x509 -days 365 \
+ -subj "/C=PV/O=Pottsylvanian Ministry of Offense/GN=Fearless/SN=Leader" \
+ -key label_leader -out leader.cer
+
+openssl req -batch -new -engine pkcs11 -keyform ENGINE \
+ -subj "/GN=Natasha/SN=Fatale" \
+ -key label_natasha |
+openssl x509 -req -engine pkcs11 -CAkeyform ENGINE -days 60 \
+ -set_serial `date +%s` -extfile $OPENSSL_CONF -extensions ext_ee \
+ -CAkey label_leader -CA leader.cer \
+ -out natasha.cer
+
+openssl req -batch -new -engine pkcs11 -keyform ENGINE \
+ -subj "/GN=Boris/SN=Badenov" \
+ -key label_boris |
+openssl x509 -req -engine pkcs11 -CAkeyform ENGINE -days 60 \
+ -set_serial `date +%s` -extfile $OPENSSL_CONF -extensions ext_ee \
+ -CAkey label_leader -CA leader.cer \
+ -out boris.cer
+
+openssl verify -verbose -CAfile leader.cer boris.cer natasha.cer |
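Review bot: Both end-entity certificates take their serial from `date +%s`, so if the two `openssl x509 -req` calls run within the same second, `leader.cer` issues natasha.cer and boris.cer with the same serial number; the serials are also predictable from the issuance time. Issuer plus serial is meant to identify a certificate uniquely, and revocation handling relies on that, so I would use a random serial in both calls, e.g. `-set_serial "0x$(openssl rand -hex 16)"`. Separately, the script never enables `set -e`, so a failed PKCS#11 operation does not stop the run and the final `openssl verify` may end up checking `.cer` files left over from an earlier run. Adding `set -e` after sourcing `environment.sh`, or removing the old `.cer` files at the start, would make the verification result trustworthy. Quoting `"$OPENSSL_CONF"` in both `-extfile` arguments would also keep a path containing spaces from splitting.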