1*e0c4386eSCy SchubertThere is often a need to generate test certificates automatically using 2*e0c4386eSCy Schuberta script. This is often a cause for confusion which can result in incorrect 3*e0c4386eSCy SchubertCA certificates, obsolete V1 certificates or duplicate serial numbers. 4*e0c4386eSCy SchubertThe range of command line options can be daunting for a beginner. 5*e0c4386eSCy Schubert 6*e0c4386eSCy SchubertThe mkcerts.sh script is an example of how to generate certificates 7*e0c4386eSCy Schubertautomatically using scripts. Example creates a root CA, an intermediate CA 8*e0c4386eSCy Schubertsigned by the root and several certificates signed by the intermediate CA. 9*e0c4386eSCy Schubert 10*e0c4386eSCy SchubertThe script then creates an empty index.txt file and adds entries for the 11*e0c4386eSCy Schubertcertificates and generates a CRL. Then one certificate is revoked and a 12*e0c4386eSCy Schubertsecond CRL generated. 13*e0c4386eSCy Schubert 14*e0c4386eSCy SchubertThe script ocsprun.sh runs the test responder on port 8888 covering the 15*e0c4386eSCy Schubertclient certificates. 16*e0c4386eSCy Schubert 17*e0c4386eSCy SchubertThe script ocspquery.sh queries the status of the certificates using the 18*e0c4386eSCy Schuberttest responder. 19