|
Packit |
c4476c |
There is often a need to generate test certificates automatically using
|
|
Packit |
c4476c |
a script. This is often a cause for confusion which can result in incorrect
|
|
Packit |
c4476c |
CA certificates, obsolete V1 certificates or duplicate serial numbers.
|
|
Packit |
c4476c |
The range of command line options can be daunting for a beginner.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The mkcerts.sh script is an example of how to generate certificates
|
|
Packit |
c4476c |
automatically using scripts. Example creates a root CA, an intermediate CA
|
|
Packit |
c4476c |
signed by the root and several certificates signed by the intermediate CA.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The script then creates an empty index.txt file and adds entries for the
|
|
Packit |
c4476c |
certificates and generates a CRL. Then one certificate is revoked and a
|
|
Packit |
c4476c |
second CRL generated.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The script ocsprun.sh runs the test responder on port 8888 covering the
|
|
Packit |
c4476c |
client certificates.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The script ocspquery.sh queries the status of the certificates using the
|
|
Packit |
c4476c |
test responder.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
|