| #!/bin/sh |
| # |
| # This Source Code Form is subject to the terms of the Mozilla Public |
| # License, v. 2.0. If a copy of the MPL was not distributed with this |
| # file, You can obtain one at http://mozilla.org/MPL/2.0/. |
| |
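# Build a throwaway NSS database in ./tmp for generating the name-constraints
# test certificates. Everything created here (noise, pwfile, key/cert DB) is
# fixture material issued under "BOGUS NSS" test names: the database password
# is empty, so the private keys in this directory are effectively unprotected
# and must never be reused outside the test suite.
mkdir tmp
# Stop if the scratch directory cannot be entered. Without this guard the
# noise file, the empty password file and a new cert DB would be written into
# whatever directory the script was started from.
cd tmp || { echo "cannot enter scratch directory tmp" >&2; exit 1; }
# 512 bytes of seed material, handed to certutil via -z during key generation.
dd if=/dev/urandom bs=512 count=1 of=noise
# pwfile holds a single empty line, i.e. an empty database password.
echo "" > pwfile

# Create the new database (-N) in the current directory with that password.
certutil -d . -N -f pwfile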
| |
# Chain 1: self-signed root "ca" -> intermediate "ica" (carries a name
# constraint) -> leaves server1..server3.
#
# certutil -S reads the contents of each requested extension from stdin. Each
# printf line below supplies the answers for one extension, one answer per
# line, in the order certutil asks for them; '' is a bare newline. The answers
# are positional, so do not reorder them.
# NOTE(review): the prompt texts are not part of this script. The labels
# (-1 key usage, -2 basic constraints, --extNC name constraints, -5 Netscape
# cert type) follow certutil's option meanings; confirm the individual menu
# numbers against the certutil build in use.
# The 1024-bit keys (-g 1024) are tolerable only because these are throwaway
# fixtures under a BOGUS test CA.

# Root: self-signed (-x), trust flags C,C,C, no name constraints of its own.
{
  printf '%s\n' 5 6 9 n     # -1
  printf '%s\n' y '' n      # -2: CA certificate, path length left empty
  printf '%s\n' 5 6 7 9 n   # -5
} | certutil -S -z noise -g 1024 -d . -n ca \
  -s "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t "C,C,C" -x -m 1 -w -2 -v 120 -1 -2 -5

# Intermediate issued by ca. The --extNC answers enter a single constraint:
# general-name type 3 with value ".example", constraint kind 1, no further
# entries (presumably dnsName / permitted -- confirm).
{
  printf '%s\n' 5 6 9 n
  printf '%s\n' y '' n
  printf '%s\n' 3 '.example' 1 n n   # --extNC
  printf '%s\n' 5 6 7 9 n
} | certutil -S -z noise -g 1024 -d . -n ica \
  -s "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ",," -c ca -m 20 -w -1 -v 118 -1 -2 -5 --extNC

# Leaves issued by ica. Names under .invalid lie outside the ".example"
# subtree, names under .example inside it; the expected verdicts live in the
# test driver, not in this script. -8 adds the given DNS name as a SAN.
{
  printf '%s\n' 0 2 3 4 9 n   # -1
  printf '%s\n' n '' y        # -2: not a CA
  printf '%s\n' 0 1 9 n       # -5
} | certutil -S -z noise -g 1024 -d . -n server1 \
  -s "CN=test.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ",," -c ica -m 40 -v 115 -1 -2 -5 -8 test.invalid

# Same as server1 but with no SAN, so only the subject CN names the host.
{
  printf '%s\n' 0 2 3 4 9 n
  printf '%s\n' n '' y
  printf '%s\n' 0 1 9 n
} | certutil -S -z noise -g 1024 -d . -n server2 \
  -s "CN=another_test.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ",," -c ica -m 41 -v 115 -1 -2 -5

{
  printf '%s\n' 0 2 3 4 9 n
  printf '%s\n' n '' y
  printf '%s\n' 0 1 9 n
} | certutil -S -z noise -g 1024 -d . -n server3 \
  -s "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ",," -c ica -m 42 -v 115 -1 -2 -5 -8 test.example
| |
# Chain 2: second-level intermediate "ica2" issued by "ica" (created earlier
# in this script) -> leaves server4..server6. ica2 requests no --extNC of its
# own, so the only name constraint on this path is the one carried by ica;
# these fixtures check that it still applies one level further down.
#
# Each printf line feeds the stdin answers for one certutil extension prompt
# group, one answer per line; '' is a bare newline. The answers are
# positional -- keep their order.
# NOTE(review): prompt texts are not visible here; -1 key usage, -2 basic
# constraints, -5 Netscape cert type per certutil's options -- confirm the
# menu numbers against the certutil build in use.

{
  printf '%s\n' 5 6 9 n     # -1
  printf '%s\n' y '' n      # -2: CA certificate, path length left empty
  printf '%s\n' 5 6 7 9 n   # -5
} | certutil -S -z noise -g 1024 -d . -n ica2 \
  -s "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ",," -c ica -m 21 -w -2 -v 120 -1 -2 -5

# Subject CN is test2.invalid while the SAN added by -8 is test.invalid.
{
  printf '%s\n' 0 2 3 4 9 n   # -1
  printf '%s\n' n '' y        # -2: not a CA
  printf '%s\n' 0 1 9 n       # -5
} | certutil -S -z noise -g 1024 -d . -n server4 \
  -s "CN=test2.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ",," -c ica2 -m 50 -v 115 -1 -2 -5 -8 test.invalid

# No SAN: only the subject CN names the host.
{
  printf '%s\n' 0 2 3 4 9 n
  printf '%s\n' n '' y
  printf '%s\n' 0 1 9 n
} | certutil -S -z noise -g 1024 -d . -n server5 \
  -s "CN=another_test2.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ",," -c ica2 -m 51 -v 115 -1 -2 -5

# Subject CN is test2.example while the SAN added by -8 is test.example.
{
  printf '%s\n' 0 2 3 4 9 n
  printf '%s\n' n '' y
  printf '%s\n' 0 1 9 n
} | certutil -S -z noise -g 1024 -d . -n server6 \
  -s "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ",," -c ica2 -m 52 -v 115 -1 -2 -5 -8 test.example
| |
# Chain 3: "ica3" (issued by the root "ca", carries two name constraints) ->
# "ica4" -> leaves server7..server12. The leaves vary the subject DN and the
# host name so that both constraint entries are exercised.
#
# Each printf line feeds the stdin answers for one certutil extension prompt
# group, one answer per line; '' is a bare newline. The answers are
# positional -- keep their order.
# NOTE(review): prompt texts are not visible here; -1 key usage, -2 basic
# constraints, --extNC name constraints, -5 Netscape cert type per certutil's
# options -- confirm the menu numbers against the certutil build in use.

# --extNC answers: type 3 "foo.example" kind 1, add another entry (y), then
# type 5 "O=Foo,st=ca,c=us" kind 1, no further entries (presumably a
# permitted dnsName plus a permitted directoryName -- confirm).
{
  printf '%s\n' 5 6 9 n     # -1
  printf '%s\n' y '' n      # -2: CA certificate, path length left empty
  printf '%s\n' 3 'foo.example' 1 y 5 'O=Foo,st=ca,c=us' 1 n n   # --extNC
  printf '%s\n' 5 6 7 9 n   # -5
} | certutil -S -z noise -g 1024 -d . -n ica3 \
  -s "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ",," -c ca -m 21 -w -1 -v 118 -1 -2 -5 --extNC

# Issuing CA below ica3; its own subject sits under O=Foo,ST=CA,C=US.
{
  printf '%s\n' 5 6 9 n
  printf '%s\n' y '' n
  printf '%s\n' 5 6 7 9 n
} | certutil -S -z noise -g 1024 -d . -n ica4 \
  -s "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" \
  -t ",," -c ica3 -m 61 -w -2 -v 120 -1 -2 -5

# Subject with an extra ou=bar RDN on top of O=Foo,ST=CA,C=US.
{
  printf '%s\n' 0 2 3 4 9 n   # -1
  printf '%s\n' n '' y        # -2: not a CA
  printf '%s\n' 0 1 9 n       # -5
} | certutil -S -z noise -g 1024 -d . -n server7 \
  -s "CN=bat.foo.example,ou=bar,O=Foo,ST=CA,C=US" \
  -t ",," -c ica4 -m 41 -v 115 -1 -2 -5

# Subject directly under O=Foo,ST=CA,C=US.
{
  printf '%s\n' 0 2 3 4 9 n
  printf '%s\n' n '' y
  printf '%s\n' 0 1 9 n
} | certutil -S -z noise -g 1024 -d . -n server8 \
  -s "CN=bat.foo.example,O=Foo,ST=CA,C=US" \
  -t ",," -c ica4 -m 42 -v 115 -1 -2 -5

# Subject omits the ST=CA RDN that the directoryName entry includes.
{
  printf '%s\n' 0 2 3 4 9 n
  printf '%s\n' n '' y
  printf '%s\n' 0 1 9 n
} | certutil -S -z noise -g 1024 -d . -n server9 \
  -s "CN=bat.foo.example,O=Foo,C=US" \
  -t ",," -c ica4 -m 43 -v 115 -1 -2 -5

# Host name in the CN (bar.example) is not under foo.example; no SAN.
{
  printf '%s\n' 0 2 3 4 9 n
  printf '%s\n' n '' y
  printf '%s\n' 0 1 9 n
} | certutil -S -z noise -g 1024 -d . -n server10 \
  -s "CN=bar.example,O=Foo,ST=CA,C=US" \
  -t ",," -c ica4 -m 44 -v 115 -1 -2 -5

# CN (site.example) and SAN (foo.example, via -8) disagree.
{
  printf '%s\n' 0 2 3 4 9 n
  printf '%s\n' n '' y
  printf '%s\n' 0 1 9 n
} | certutil -S -z noise -g 1024 -d . -n server11 \
  -s "CN=site.example,O=Foo,ST=CA,C=US" \
  -t ",," -c ica4 -m 45 -v 115 -1 -2 -5 -8 foo.example

# CN is not a host name at all.
{
  printf '%s\n' 0 2 3 4 9 n
  printf '%s\n' n '' y
  printf '%s\n' 0 1 9 n
} | certutil -S -z noise -g 1024 -d . -n server12 \
  -s "CN=Honest Achmed,O=Foo,ST=CA,C=US" \
  -t ",," -c ica4 -m 46 -v 115 -1 -2 -5
| |
# Chain 3b: "ica5", also issued by "ica3" (created earlier in this script),
# but with its own subject under O=OtherOrg instead of O=Foo, i.e. outside
# the O=Foo,st=ca,c=us directory name entered for ica3's --extNC. Leaves
# server13 and server14 hang below it.
#
# Each printf line feeds the stdin answers for one certutil extension prompt
# group, one answer per line; '' is a bare newline. The answers are
# positional -- keep their order.
# NOTE(review): prompt texts are not visible here; -1 key usage, -2 basic
# constraints, -5 Netscape cert type per certutil's options -- confirm the
# menu numbers against the certutil build in use.

{
  printf '%s\n' 5 6 9 n     # -1
  printf '%s\n' y '' n      # -2: CA certificate, path length left empty
  printf '%s\n' 5 6 7 9 n   # -5
} | certutil -S -z noise -g 1024 -d . -n ica5 \
  -s "CN=NSS Intermediate CA 2,O=OtherOrg,ST=CA,C=US" \
  -t ",," -c ica3 -m 62 -w -2 -v 120 -1 -2 -5

# Leaf whose subject is also under O=OtherOrg.
{
  printf '%s\n' 0 2 3 4 9 n   # -1
  printf '%s\n' n '' y        # -2: not a CA
  printf '%s\n' 0 1 9 n       # -5
} | certutil -S -z noise -g 1024 -d . -n server13 \
  -s "CN=bat.foo.example,O=OtherOrg,ST=CA,C=US" \
  -t ",," -c ica5 -m 41 -v 115 -1 -2 -5

# Leaf whose own subject is under O=Foo although its issuer's is not.
{
  printf '%s\n' 0 2 3 4 9 n
  printf '%s\n' n '' y
  printf '%s\n' 0 1 9 n
} | certutil -S -z noise -g 1024 -d . -n server14 \
  -s "CN=another.foo.example,O=Foo,ST=CA,C=US" \
  -t ",," -c ica5 -m 490 -v 115 -1 -2 -5
| |
# Chain 4: here the name constraint sits on the trust anchor itself. "ncca"
# is a self-signed root (-x, trust C,C,C) created with --extNC; "ica6" and the
# leaves server15..server17 are issued below it.
#
# Each printf line feeds the stdin answers for one certutil extension prompt
# group, one answer per line; '' is a bare newline. The answers are
# positional -- keep their order.
# NOTE(review): prompt texts are not visible here; -1 key usage, -2 basic
# constraints, --extNC name constraints, -5 Netscape cert type per certutil's
# options -- confirm the menu numbers against the certutil build in use.

# --extNC answers: type 3 ".example" kind 1, no further entries (presumably
# a permitted dnsName subtree -- confirm).
{
  printf '%s\n' 5 6 9 n     # -1
  printf '%s\n' y '' n      # -2: CA certificate, path length left empty
  printf '%s\n' 3 '.example' 1 n n   # --extNC
  printf '%s\n' 5 6 7 9 n   # -5
} | certutil -S -z noise -g 1024 -d . -n ncca \
  -s "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View,ST=CA,C=US" \
  -t "C,C,C" -x -m 2 -w -1 -v 118 -1 -2 -5 --extNC

# Unconstrained intermediate below the constrained root.
{
  printf '%s\n' 5 6 9 n
  printf '%s\n' y '' n
  printf '%s\n' 5 6 7 9 n
} | certutil -S -z noise -g 1024 -d . -n ica6 \
  -s "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" \
  -t ",," -c ncca -m 63 -w -2 -v 120 -1 -2 -5

# Leaves: .invalid names lie outside the ".example" subtree, test4.example
# inside it. -8 adds the given DNS name as a SAN.
{
  printf '%s\n' 0 2 3 4 9 n   # -1
  printf '%s\n' n '' y        # -2: not a CA
  printf '%s\n' 0 1 9 n       # -5
} | certutil -S -z noise -g 1024 -d . -n server15 \
  -s "CN=testfoo.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ",," -c ica6 -m 64 -v 115 -1 -2 -5 -8 testfoo.invalid

# No SAN: only the subject CN names the host.
{
  printf '%s\n' 0 2 3 4 9 n
  printf '%s\n' n '' y
  printf '%s\n' 0 1 9 n
} | certutil -S -z noise -g 1024 -d . -n server16 \
  -s "CN=another_test3.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ",," -c ica6 -m 65 -v 115 -1 -2 -5

{
  printf '%s\n' 0 2 3 4 9 n
  printf '%s\n' n '' y
  printf '%s\n' 0 1 9 n
} | certutil -S -z noise -g 1024 -d . -n server17 \
  -s "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ",," -c ica6 -m 66 -v 115 -1 -2 -5 -8 test4.example
| |
# DCSSI (IGC/A) look-alike: "dcisscopy" is a locally generated, self-signed
# root that copies the subject DN of the IGC/A root; the key is new, only the
# name is shared. These three use 2048-bit keys, unlike the 1024-bit keys of
# the other fixtures in this script.
# NOTE(review): no --extNC is requested for dcisscopy, so any restriction on
# what it may issue has to come from the verifier itself. Presumably NSS
# applies built-in name constraints to roots with this subject -- confirm
# against the library's constraint table.
#
# Each printf line feeds the stdin answers for one certutil extension prompt
# group, one answer per line; '' is a bare newline. The answers are
# positional -- keep their order. (-1 key usage, -2 basic constraints,
# -5 Netscape cert type per certutil's options; menu numbers to be confirmed
# against the certutil build in use.)
{
  printf '%s\n' 5 6 9 n     # -1
  printf '%s\n' y '' n      # -2: CA certificate, path length left empty
  printf '%s\n' 5 6 7 9 n   # -5
} | certutil -S -z noise -g 2048 -d . -n dcisscopy \
  -s "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR" \
  -t "C,C,C" -x -m 998899 -w -2 -v 120 -1 -2 -5

# Negative case: validation of this certificate (a .com host name) MUST fail.
{
  printf '%s\n' 0 2 3 4 9 n   # -1
  printf '%s\n' n '' y        # -2: not a CA
  printf '%s\n' 0 1 9 n       # -5
} | certutil -S -z noise -g 2048 -d . -n dcissblocked \
  -s "CN=foo.example.com,O=Foo,ST=CA,C=US" \
  -t ",," -c dcisscopy -m 998900 -v 120 -1 -2 -5

# Positive case: validation of this certificate (a .fr host name) MUST pass.
{
  printf '%s\n' 0 2 3 4 9 n
  printf '%s\n' n '' y
  printf '%s\n' 0 1 9 n
} | certutil -S -z noise -g 2048 -d . -n dcissallowed \
  -s "CN=foo.example.fr,O=Foo,ST=CA,C=US" \
  -t ",," -c dcisscopy -m 998901 -v 120 -1 -2 -5
| |
| |
| |
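# Export every certificate from the database as raw DER (-L -r) into
# NameConstraints.<name>.cert, then report exactly what was written.
#
# Changes from the plain list of redirections this replaces:
#   * server11 was exported twice; it is exported once here.
#   * the closing message named only the first nine files; it now lists every
#     file that was actually created.
#   * a failed export is reported on stderr and its empty or partial output
#     file is removed. An empty fixture can make a negative test fail for the
#     wrong reason (an unparseable certificate instead of a name-constraint
#     violation), so it is better to have no file than a bad one.
created=""
failed=0

# export_cert NICKNAME [NAME]
#   Writes the DER encoding of the certificate stored under NICKNAME to
#   NameConstraints.NAME.cert in the current directory. NAME defaults to
#   NICKNAME. Appends the file name to $created, or sets failed=1 on error.
export_cert() {
  name=${2:-$1}
  if certutil -d . -L -n "$1" -r > "NameConstraints.$name.cert"; then
    created="$created NameConstraints.$name.cert"
  else
    echo "export of '$1' failed; removing NameConstraints.$name.cert" >&2
    rm -f -- "NameConstraints.$name.cert"
    failed=1
  fi
}

export_cert ca
export_cert ica intermediate
export_cert server1
export_cert server2
export_cert server3
export_cert ica2 intermediate2
export_cert server4
export_cert server5
export_cert server6
export_cert ica3 intermediate3
export_cert ica4 intermediate4
export_cert server7
export_cert server8
export_cert server9
export_cert server10
export_cert server11
export_cert server12
export_cert ica5 intermediate5
export_cert server13
export_cert server14
export_cert ncca
export_cert ica6 intermediate6
export_cert server15
export_cert server16
export_cert server17
export_cert dcisscopy
export_cert dcissblocked
export_cert dcissallowed

# $created starts with a space, so the list follows the colon as before.
echo "Created multiple files in subdirectory tmp:$created"

# Signal an incomplete fixture set to the caller.
[ "$failed" -eq 0 ] || exit 1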