3 # Copying and distribution of this file, with or without modification,
4 # are permitted in any medium without royalty provided the copyright
5 # notice and this notice are preserved. This file is offered as-is,
6 # without any warranty.
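# Distinguished-name prefix (country / state / locality / organisation) for
# the certificates generated by this script. The stray leading line-number
# token from the listing is dropped so that this is a plain assignment.
# NOTE(review): presumably a /CN=... component is appended where the subject
# is built; that command is not visible in this excerpt, so confirm there.
ORG="/C=FR/ST=Brittany/L=Vannes/O=IoT.bzh"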
10 cat > extensions << EOC
12 basicConstraints=CA:TRUE
14 subjectKeyIdentifier=hash
15 authorityKeyIdentifier=keyid
17 basicConstraints=CA:TRUE
18 keyUsage=keyCertSign,digitalSignature
19 subjectKeyIdentifier=hash
20 authorityKeyIdentifier=keyid
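# keyof NAME
# Prints the private-key file name for NAME ("NAME.key.pem") on stdout with
# no trailing newline, so callers can capture it with $(keyof NAME).
# printf '%s' replaces `echo -n`: echo's treatment of -n and of backslashes
# varies between shells, and this value is used as a file path.
# Callers in this file splice the result into an option string such as
# "-CAkey $(keyof NAME)", which presumably gets word-split later, so NAME
# should not contain whitespace or glob characters.
keyof() { printf '%s' "$1.key.pem"; }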
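# certof NAME
# Prints the certificate file name for NAME ("NAME.cert.pem") on stdout with
# no trailing newline, so callers can capture it with $(certof NAME).
# printf '%s' replaces `echo -n`: echo's treatment of -n and of backslashes
# varies between shells, and this value is used as a file path.
# Callers in this file splice the result into an option string such as
# "-CA $(certof NAME)", which presumably gets word-split later, so NAME
# should not contain whitespace or glob characters.
certof() { printf '%s' "$1.cert.pem"; }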
28 local s="$1" n="$2" cn="$3" sig="$4"
29 local key="$(keyof "$n")" cert="$(certof "$n")"
34 echo "generation of the $n key"
36 -algorithm RSA -pkeyopt rsa_keygen_bits:4096 \
41 if [ ! -f "$cert" -o "$key" -nt "$cert" ]
44 echo "generation of the $n certificate"
63 local s="$1" n="$2" cn="$3"
64 generate "$s" "$n" "$cn" "-signkey $(keyof "$n") -extensions root"
68 local s="$1" n="$2" cn="$3" i="$4"
69 generate "$s" "$n" "$cn" "-CA $(certof "$i") -CAkey $(keyof "$i") -extensions derivate"
# Build the certificate hierarchy. Order matters: the root must exist before
# anything is issued from it.
#
# Arguments to both helpers: <s> <name> <common name> [<issuer name>].
# <name> selects the files NAME.key.pem / NAME.cert.pem.
# NOTE(review): <s> (1..5) is handed to generate as its first argument;
# presumably the certificate serial number, but its use is not visible in
# this excerpt, so confirm.

# Self-signed root (generate is called with "-signkey ... -extensions root").
genroot 1 root "Root certificate"

# Certificates issued with the root's certificate and key
# ("-CA ... -CAkey ... -extensions derivate").
derivate 2 developer "Root developer" root
derivate 3 platform "Root platform" root
derivate 4 partner "Root partner" root
derivate 5 public "Root public" root