OpenSSL scripts to run a small PKI
The createrootca.sh script needs a subject string in OpenSSL style. To create a root CA named TEST for the country France with subject O = TEST, OU = PURPOSE, CN = ONLY, launch createrootca.sh with the following arguments:
./createrootca.sh -c TEST -C FR -s "/O=TEST/OU=PURPOSE/CN=ONLY"
The createasubca.sh script needs a subject string in OpenSSL style. To create a sub CA named SUBTEST1 issued by TEST with the subject O = TEST, OU = TEST, CN = TESTSUB1, launch createasubca.sh with the following arguments:
./createsubca.sh -i TEST -c SUBTEST1 -s "/O=TEST/OU=PURPOSE/CN=ONLY"
The createuser.sh script needs a subject string in OpenSSL style. To create a user called usertest, issued by the SUBTEST1 CA with the subject O = TEST, OU = TEST, CN = usertest1, launch createuser.sh with the following arguments:
./createuser.sh -i usertest -c SUBTEST1 -p PROFILE -s "/O=TEST/OU=PURPOSE/CN=ONLY"
If usertest1 was a bad guy, or maybe you screwed up somewhere, you need to revoke the certificate. revokeuser.sh should be launched nervously with the following arguments:
./revokeuser.sh -i usertest -c SUBTEST1
If you want the entire world to know that usertest1 was an asshole bad guy, you need to create a CRL for the sub CA called SUBTEST1 with a validity period of 7 days. createcrl.sh should be launched with the following arguments:
./createcrl.sh -c SUBTEST1 -d 7
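Added example, not part of this repository's scripts: the same root CA, sub CA, user, revoke and CRL sequence written with plain openssl commands, with a check that the user certificate verifies before revocation and is rejected once the new CRL is published. File names, key size and the contents of the v3_ca, v3_subca and v3_user sections are assumptions, and the function names pki_init, pki_revoke and pki_check are hypothetical.

```shell
#!/bin/sh
# Constructed demo: file names, key size and extension contents are assumptions.
# Subjects, the 7-day CRL and the v3_* section names follow the README.
CNF='[ req ]
distinguished_name = dn
[ dn ]
[ ca ]
default_ca = sub
[ sub ]
database = index.txt
serial = serial
new_certs_dir = .
default_md = sha256
policy = pol
[ pol ]
organizationName = optional
organizationalUnitName = optional
commonName = supplied
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ v3_subca ]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[ v3_user ]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature'
# newreq NAME SUBJECT [req options]: fresh RSA key NAME.key plus a CSR or self-signed cert
newreq() { n=$1 s=$2; shift 2
  openssl req -config ca.cnf -newkey rsa:2048 -nodes -keyout "$n.key" -subj "$s" "$@" 2>/dev/null; }
# subca [ca options]: act as the sub CA, recording every action in index.txt
subca() { openssl ca -batch -config ca.cnf -cert sub.pem -keyfile sub.key "$@" 2>/dev/null; }
# Root CA -> sub CA -> user certificate, then a first (empty) CRL valid 7 days
pki_init() ( cd "$1" || exit 1
  printf '%s\n' "$CNF" > ca.cnf; : > index.txt; echo 01 > serial
  newreq root "/C=FR/O=TEST/OU=PURPOSE/CN=ONLY" -x509 -days 30 -extensions v3_ca -out root.pem &&
  newreq sub "/O=TEST/OU=TEST/CN=TESTSUB1" -out sub.csr &&
  openssl x509 -req -in sub.csr -CA root.pem -CAkey root.key -CAcreateserial -days 30 \
    -extfile ca.cnf -extensions v3_subca -out sub.pem 2>/dev/null &&
  newreq user "/O=TEST/OU=TEST/CN=usertest1" -out user.csr &&
  subca -in user.csr -out user.pem -days 10 -extensions v3_user -notext &&
  subca -gencrl -crldays 7 -out sub.crl )
# Mark the user certificate revoked in index.txt, then publish a new CRL
pki_revoke() ( cd "$1" && subca -revoke user.pem && subca -gencrl -crldays 7 -out sub.crl )
# Succeeds only if the chain verifies AND the sub CA's CRL does not list the certificate
pki_check() ( cd "$1" && openssl verify -crl_check -CAfile root.pem -untrusted sub.pem \
    -CRLfile sub.crl user.pem 2>&1 | grep -q ': OK$' )
```

Revocation only takes effect for relying parties that fetch the regenerated CRL and verify with CRL checking enabled; without -crl_check the revoked certificate still verifies.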
CA => v3_ca
SUBCA => v3_subca
User => v3_user
Server => v3_server
EV. Server => v3_ev_server
OCSP => v3_ocspsigner
TimeStamp => v3_timestamp
Signature and encipherment => v3_sign_cipher
Signature, encipherment and authentication => v3_sign_cipher_auth
CRL => crl_ext
- Finish README
- Make tests
- Frontend -> CGI :-)
Buy C41 chemicals for color analog negatives
Even if it's easy, it's not clean