Lines Matching full:ca
4 ./mkcert.sh genroot "Root CA" root-key root-cert
5 # root cert variants: CA:false, key2, DN2, expired
6 ./mkcert.sh genss "Root CA" root-key root-nonca
7 ./mkcert.sh genroot "Root CA" root-key2 root-cert2
9 DAYS=-1 ./mkcert.sh genroot "Root CA" root-key root-expired
12 ./mkcert.sh genca "Root CA" root-key root-cross-cert cross-key cross-root
40 # Root CA security level variants:
43 ./mkcert.sh genroot "Root CA" root-key root-cert-md5
46 ./mkcert.sh genroot "Root CA" root-key-768 root-cert-768
49 ./mkcert.sh genroot "Root CA" root-key croot-cert clientAuth
65 ./mkcert.sh genroot "Root CA" root-key sroot-cert serverAuth
80 # Primary intermediate ca: ca-cert
81 ./mkcert.sh genca "CA" ca-key ca-cert root-key root-cert
82 # ca variants: CA:false, no bc, key2, DN2, issuer2, expired
83 ./mkcert.sh genee "CA" ca-key ca-nonca root-key root-cert
84 ./mkcert.sh gen_nonbc_ca "CA" ca-key ca-nonbc root-key root-cert
85 ./mkcert.sh genca "CA" ca-key2 ca-cert2 root-key root-cert
86 ./mkcert.sh genca "CA2" ca-key ca-name2 root-key root-cert
87 ./mkcert.sh genca "CA" ca-key ca-root2 root-key2 root-cert2
88 DAYS=-1 ./mkcert.sh genca "CA" ca-key ca-expired root-key root-cert
90 openssl x509 -in ca-cert.pem -trustout \
91 -addtrust serverAuth -out ca+serverAuth.pem
92 openssl x509 -in ca-cert.pem -trustout \
93 -addreject serverAuth -out ca-serverAuth.pem
94 openssl x509 -in ca-cert.pem -trustout \
95 -addtrust clientAuth -out ca+clientAuth.pem
96 openssl x509 -in ca-cert.pem -trustout \
97 -addreject clientAuth -out ca-clientAuth.pem
99 openssl x509 -in ca-cert.pem -trustout \
100 -addtrust anyExtendedKeyUsage -out ca+anyEKU.pem
101 openssl x509 -in ca-cert.pem -trustout \
102 -addreject anyExtendedKeyUsage -out ca-anyEKU.pem
103 # ca-nonca trust variants: +serverAuth, +anyEKU
104 openssl x509 -in ca-nonca.pem -trustout \
106 openssl x509 -in ca-nonca.pem -trustout \
109 # Intermediate CA security variants:
112 ./mkcert.sh genca "CA" ca-key ca-cert-md5 root-key root-cert
113 openssl x509 -in ca-cert-md5.pem -trustout \
114 -addtrust anyExtendedKeyUsage -out ca-cert-md5-any.pem
116 ./mkcert.sh genca "CA" ca-key ca-cert-768i root-key-768 root-cert-768
117 # CA has 768-bit key
119 ./mkcert.sh genca "CA" ca-key-768 ca-cert-768 root-key root-cert
121 ./mkcert.sh genca "CA" ca-key-ec-explicit ca-cert-ec-explicit root-key root-cert
123 ./mkcert.sh genca "CA" ca-key-ec-named ca-cert-ec-named root-key root-cert
125 # client intermediate ca: cca-cert
126 ./mkcert.sh genca -p clientAuth "CA" ca-key cca-cert root-key root-cert
141 # server intermediate ca: sca-cert
142 ./mkcert.sh genca -p serverAuth "CA" ca-key sca-cert root-key root-cert
158 ./mkcert.sh genee server.example ee-key ee-cert ca-key ca-cert
160 ./mkcert.sh genee server.example ee-key ee-expired ca-key ca-cert -days -1
161 ./mkcert.sh genee server.example ee-key ee-cert2 ca-key2 ca-cert2
162 ./mkcert.sh genee server.example ee-key ee-name2 ca-key ca-name2
163 ./mkcert.sh genee server.example ee-key ee-pathlen ca-key ca-cert \
164 -extfile <(echo "basicConstraints=CA:false,pathlen:0") # bash needed here
166 ./mkcert.sh genee -p clientAuth server.example ee-key ee-client ca-key ca-cert
180 ./mkcert.sh genee server.example ee-key ee-cert-md5 ca-key ca-cert
182 ./mkcert.sh genee server.example ee-key ee-cert-768i ca-key-768 ca-cert-768
185 ./mkcert.sh genee server.example ee-key-768 ee-cert-768 ca-key ca-cert
186 # EC cert with explicit curve signed by named curve ca
187 ./mkcert.sh genee server.example ee-key-ec-explicit ee-cert-ec-explicit ca-key-ec-named ca-cert-ec-…
188 # EC cert with named curve signed by explicit curve ca
190 ee-cert-ec-named-explicit ca-key-ec-explicit ca-cert-ec-explicit
191 # EC cert with named curve signed by named curve ca
193 ee-cert-ec-named-named ca-key-ec-named ca-cert-ec-named
196 ./mkcert.sh genee server.example ee-key-1024 ee-cert-1024 ca-key ca-cert
199 ./mkcert.sh genee server.example ee-key-3072 ee-cert-3072 ca-key ca-cert
202 ./mkcert.sh genee server.example ee-key-4096 ee-cert-4096 ca-key ca-cert
205 ./mkcert.sh genee server.example ee-key-8192 ee-cert-8192 ca-key ca-cert
246 NC=$NC ./mkcert.sh genca "Test NC CA 1" ncca1-key ncca1-cert root-key root-cert
255 NC=$NC ./mkcert.sh genca "Test NC CA 2" ncca2-key ncca2-cert root-key root-cert
257 # Name constraints subordinate CA. Adds www.good.net (which should be
258 # disallowed because parent CA doesn't permit it) adds ok.good.com
265 NC=$NC ./mkcert.sh genca "Test NC sub CA" ncca3-key ncca3-cert \
364 # www.good.net allowed by parent CA but not parent of parent
373 # other.good.com not allowed by parent CA but allowed by parent of parent
382 # www.bad.net excluded by parent CA.
394 "Test NC CA othername" nccaothername-key nccaothername-cert \
404 ./mkcert.sh genee PSS-SHA1 ee-key ee-pss-sha1-cert ca-key ca-cert \
407 ./mkcert.sh genee PSS-SHA256 ee-key ee-pss-sha256-cert ca-key ca-cert \
409 # CA-PSS
410 ./mkcert.sh genca "CA-PSS" ca-pss-key ca-pss-cert root-key root-cert \
412 ./mkcert.sh genee "EE-PSS" ee-key ee-pss-cert ca-pss-key ca-pss-cert \
415 #./mkcert.sh genee "EE-PSS-wrong1.5" ee-key ee-pss-wrong1.5-cert ca-pss-key ca-pss-cert -sha256
436 ./mkcert.sh geneeextra server.example ee-key ee-cert-noncrit-unknown-ext ca-key ca-cert "1.2.3.4=DE…
439 ./mkcert.sh geneeextra server.example ee-key ee-cert-crit-unknown-ext ca-key ca-cert "1.2.3.4=criti…
442 ./mkcert.sh geneeextra server.example ee-key ee-cert-ocsp-nocheck ca-key ca-cert "1.3.6.1.5.5.7.48.…
445 ./mkcert.sh genca -c "1.3.6.1.4.1.16604.998855.1" "CA" ca-key ca-pol-cert root-key root-cert
446 ./mkcert.sh geneeextra server.example ee-key ee-cert-policies ca-key ca-cert "certificatePolicies=1…
448 ./mkcert.sh geneeextra server.example ee-key ee-cert-policies-bad ca-key ca-cert "certificatePolici…