amolkahat

# cat ca_with_nss.sh 
mkdir -p /root/nssdb
echo "SECret.123" > /root/nssdb/password.txt
certutil -N -d /root/nssdb -f /root/nssdb/password.txt
openssl rand -out /root/nssdb/noise.bin 2048
SKID="0x`openssl rand -hex 20`"
OCSP="http://$HOSTNAME:8080/ca/ocsp"
echo -e "y\n\ny\ny\n${SKID}\n\n\n\n${SKID}\n\n2\n7\n${OCSP}\n\n\n\n" | \
 certutil -S \
 -x \

amolkahat

country=IN
state=Maharashtra
locality=Pune
organization=redhat
organizationalunit=QE
commonname=$(hostname)

openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem -subj "/CN=CA Cert/O=$organization/OU=$organizationalunit"
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/CN=$commonname"

amolkahat

Keybase proof

I hereby claim:

• I am amolkahat on github.
• I am amolkahat (https://keybase.io/amolkahat) on keybase.
• I have a public key ASDfu-DHzUHZeDTHn_aRuLQ_Z3sYsmmvviYQ2NRcTgIFvwo

To claim this, I am signing this object: