openssl

mirror of https://github.com/openssl/openssl.git synced 2024-12-09 05:51:54 +08:00

History

Rich Salz 4e6e57cfcd Cleanup cert config files for tests Merge test/P[12]ss.cnf into one config file Merge CAss.cnf and Uss.cnf into ca-and-certs.cnf Remove Netscape cert extensions, add keyUsage comment from some cnf files Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11347)		2020-06-03 09:56:56 +02:00
..
apps	Cleanup cert config files for tests	2020-06-03 09:56:56 +02:00
ca.cnf	Cleanup cert config files for tests	2020-06-03 09:56:56 +02:00
mkcerts.sh	Remove unnecessary trailing whitespace	2019-02-05 16:25:11 +01:00
ocspquery.sh	Extend certificate creation examples to include CRL generation and sample	2012-09-09 20:43:49 +00:00
ocsprun.sh	Extend certificate creation examples to include CRL generation and sample	2012-09-09 20:43:49 +00:00
README	Remove unnecessary trailing whitespace	2019-02-05 16:25:11 +01:00

README

There is often a need to generate test certificates automatically using
a script. This is often a cause for confusion which can result in incorrect
CA certificates, obsolete V1 certificates or duplicate serial numbers.
The range of command line options can be daunting for a beginner.

The mkcerts.sh script is an example of how to generate certificates
automatically using scripts. Example creates a root CA, an intermediate CA
signed by the root and several certificates signed by the intermediate CA.

The script then creates an empty index.txt file and adds entries for the
certificates and generates a CRL. Then one certificate is revoked and a
second CRL generated.

The script ocsprun.sh runs the test responder on port 8888 covering the
client certificates.

The script ocspquery.sh queries the status of the certificates using the
test responder.