jameswhite

1. cert-tool --create-ca=root-ca --signing-ca=self                                  --combined
2. cert-tool --create-ca=mid-ca  --signing-ca=root-ca.pem --signing-key=root-ca.pem --combined
3. cert-tool --create-ca=mid-ca  --signing-ca=root-ca.pem --signing-key=root-ca.pem --combined
4. cert-tool --create-cert=end   --signing-ca=mid-ca.pem  --signing-key=mid-ca.pem  --combined
5.  
6. ############################################################################################
7. # create the root-ca
8. ./cert-tool --create-ca=root-ca --signing-ca=self                                  --combined
9. /usr/bin/openssl genrsa -rand /usr/local/cert-tool/etc/cert-tool.rand  \
10.                         -out root-ca.key.pem 1024
11.  
12. /usr/bin/openssl req -config openssl.conf -new -x509 -days 730 \
13.                      -key root-ca.key.pem -set_serial 0x0 -out root-ca.cert.pem
14.  
15. #or
16. /usr/bin/openssl req -config openssl.conf -new -x509 -days 730 \
17.                      -key root-ca.key.pem -set_serial 0x0 -out root-ca.cert.pem
18. ############################################################################################
19. # create a mid-ca
20. ./cert-tool --create-ca=mid-ca  --signing-ca=root-ca.pem --signing-key=root-ca.pem --combined
21. /usr/bin/openssl req -config openssl.conf -new -key mid-ca.key.pem -out mid-ca.csr
22. /usr/bin/openssl ca -batch -config openssl.conf -extensions cert_tool_x509_ca_ext \
23.                     -policy cert_tool_ca_policy -cert root-ca.pem -keyfile root-ca.pem \
24.                     -in mid-ca.csr -out mid-ca.cert.pem
25. ############################################################################################
26. # create a cert and sign with mid-ca
27. ./cert-tool --create-cert=end   --signing-ca=mid-ca.pem  --signing-key=mid-ca.pem  --combined
28. /usr/bin/openssl genrsa -rand /usr/local/cert-tool/etc/cert-tool.rand  -out end.key.pem 1024
29. /usr/bin/openssl req -config /usr/local/cert-tool/etc/cert-tool.conf -new \
30.                      -key end.key.pem -out end.csr
31. /usr/bin/openssl ca -batch -config /usr/local/cert-tool/etc/cert-tool.conf \
32.                     -cert mid-ca.pem -keyfile mid-ca.pem -out end.cert.pem -in end.csr
33.