keshihoriuchi/create_ca.sh

## create_ca.sh
#!/bin/bash

# Ubuntuデフォルトの/etc/ssl/openssl.cnf 前提。ベースは/usr/lib/ssl/misc/CA.sh

set -ex
CATOP="./demoCA"

mkdir ${CATOP}
mkdir -p ${CATOP}/certs
mkdir -p ${CATOP}/crl
mkdir -p ${CATOP}/newcerts
mkdir -p ${CATOP}/private
touch ${CATOP}/index.txt
openssl genrsa -out ${CATOP}/private/cakey.pem 2048

openssl req -new \
  -key ${CATOP}/private/cakey.pem \
  -out ${CATOP}/careq.pem \
  -subj "/C=JP/ST=Tokyo/L=Chiyoda/O=Example Company/CN=example.com"

openssl ca -create_serial -out ${CATOP}/cacert.pem -days 3650 -batch \
  -keyfile ${CATOP}/private/cakey.pem -selfsign \
  -extensions v3_ca \
  -infiles ${CATOP}/careq.pem
	#!/bin/bash

	# Ubuntuデフォルトの/etc/ssl/openssl.cnf 前提。ベースは/usr/lib/ssl/misc/CA.sh

	set -ex
	CATOP="./demoCA"

	mkdir ${CATOP}
	mkdir -p ${CATOP}/certs
	mkdir -p ${CATOP}/crl
	mkdir -p ${CATOP}/newcerts
	mkdir -p ${CATOP}/private
	touch ${CATOP}/index.txt
	openssl genrsa -out ${CATOP}/private/cakey.pem 2048

	openssl req -new \
	-key ${CATOP}/private/cakey.pem \
	-out ${CATOP}/careq.pem \
	-subj "/C=JP/ST=Tokyo/L=Chiyoda/O=Example Company/CN=example.com"

	openssl ca -create_serial -out ${CATOP}/cacert.pem -days 3650 -batch \
	-keyfile ${CATOP}/private/cakey.pem -selfsign \
	-extensions v3_ca \
	-infiles ${CATOP}/careq.pem