| lh | 9ed821d | 2023-04-07 01:36:19 -0700 | [diff] [blame] | 1 | There is often a need to generate test certificates automatically using |
| 2 | a script. This is often a cause for confusion which can result in incorrect |
| 3 | CA certificates, obsolete V1 certificates or duplicate serial numbers. |
| 4 | The range of command line options can be daunting for a beginner. |
| 5 | |
| 6 | The mkcerts.sh script is an example of how to generate certificates |
| 7 | automatically using scripts. Example creates a root CA, an intermediate CA |
| 8 | signed by the root and several certificates signed by the intermediate CA. |
| 9 | |
| 10 | The script then creates an empty index.txt file and adds entries for the |
| 11 | certificates and generates a CRL. Then one certificate is revoked and a |
| 12 | second CRL generated. |
| 13 | |
| 14 | The script ocsprun.sh runs the test responder on port 8888 covering the |
| 15 | client certificates. |
| 16 | |
| 17 | The script ocspquery.sh queries the status of the certificates using the |
| 18 | test responder. |
| 19 | |
| 20 | |
| 21 | |