7
1104 openssl req -x509 -days 1460 -newkey rsa:2048 \\n -keyout caKey.pem -out caCert.pem
8
1105 openssl genrsa -out ca.pem 1024
9
1106 openssl req -x509 -days 1460 -key ca.pem \\n -keyout caKey.pem -out caCert.pem
10
1107 openssl req -x509 -days 1460 -new -key ca.pem \\n -keyout caKey.pem -out caCert.pem
12
1109 openssl x509 -in caCert.pem -noout -text
15
1112 openssl ca -in ../../../east/etc/ipsec.d/private/east.req -days 730 -out ../../../east/etc/ipsec.d/eastCert.pem -notext
16
1113 openssl ca -in ../../../east/etc/ipsec.d/private/east.req -days 730 -out ../../../east/etc/ipsec.d/eastCert.pem -notext -cakey ca.pem
3
# HACK up the config file first
5
source ../../umlsetup.sh
7
sed -e "s,@BUILDTOP@,$BUILDTOP," nic/etc/openssl/openssl.cnf.in >nic/etc/openssl/openssl.cnf
9
for host in east west north
11
if [ ! -r all/etc/ipsec.d/certs/${host}.uml.freeswan.org.cert ]
13
openssl ca -config nic/etc/openssl/openssl.cnf -in $host/etc/ipsec.d/private/$host.req -days 730 -out all/etc/ipsec.d/certs/${host}.uml.freeswan.org.cert -notext -keyfile nic/etc/CA/private/cakey.pem
18
# now update the CRL list.
19
openssl ca -config nic/etc/openssl/openssl.cnf -gencrl -out all/etc/ipsec.d/crls/nic.pem