https://github.com/thescriptguy/create_rootca_subca
Some shell scripts to create a Root and Subordinate CA's with various RSA bit sizes and
Last synced: 8 months ago
- Host: GitHub
- URL: https://github.com/thescriptguy/create_rootca_subca
- Owner: TheScriptGuy
- Created: 2021-03-07T05:55:08.000Z (about 5 years ago)
- Default Branch: main
- Last Pushed: 2021-03-22T19:07:33.000Z (about 5 years ago)
- Last Synced: 2025-03-01T11:18:56.011Z (over 1 year ago)
- Language: Shell
- Size: 16.6 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# create_rootca_subca
I do a lot of testing with Root and Subordinate CAs and got tired of generating new CAs every time I wanted to test a new ciphersuite or RSA key size.
These scripts will help create Root and Subordinate CAs (some information can be configured with variables).
* `go_ec.sh` will generate elliptic curve Root and Subordinate CAs (defaults to secp224r1, secp384r1, secp521r1)
* `go_rsa.sh` will generate RSA Root and Subordinate CAs (defaults to 2048, 4096 and 8192 bit)

Fields that can be edited (current defaults shown):
```bash
ORGANIZATIONNAME="Acme Widgets Ltd."
ORGANIZATIONALUNITNAME="Notorious Big Infosec Group (BIG)"
```
How many days should the CAs be valid for? Keep in mind that the Subordinate CA days can't be larger than the Root CA days.

Root CA: 10 years + 2 days
```bash
DEFAULT_ROOTCA_DAYS=3652
```
Subordinate CA: 2 years + 2 days
```bash
DEFAULT_SUBCA_DAYS=732
```
Which hash do you want to use for signing the certificates?
Keep in mind that SHA-1 certificates are no longer trusted by many vendors.
```bash
DEFAULT_MD="sha256"
```
For the elliptic curve keys, edit `EC_KEYS` appropriately.
```bash
EC_KEYS="secp224r1 secp384r1 secp521r1"
```
For a list of the elliptic curves supported by your OpenSSL build, run the following command:
```bash
openssl ecparam -list_curves
```
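A pre-flight check for the settings above, as an added example that is not part of the repository's scripts. The variable names are the README's; the `check_ca_config` function and its digest allow-list are assumptions of this example.

```bash
#!/bin/sh
# Added example: pre-flight check for the README's settings.
# check_ca_config and its digest allow-list are hypothetical, not from the repo.
check_ca_config() {  # args: root_days sub_days digest "curve list"
    root_days=$1; sub_days=$2; md=$3; curves=$4; rc=0

    # Both lifetimes must be positive whole numbers of days.
    for v in "$root_days" "$sub_days"; do
        case $v in
            ''|*[!0-9]*|0)
                echo "ERROR: '$v' is not a positive number of days" >&2
                return 1 ;;
        esac
    done

    # A Subordinate CA must not be valid for longer than the Root CA that signs it.
    if [ "$sub_days" -gt "$root_days" ]; then
        echo "ERROR: SUBCA days ($sub_days) exceed ROOTCA days ($root_days)" >&2
        rc=1
    fi

    # Refuse digests that are no longer widely trusted for certificate signatures.
    case $(printf '%s' "$md" | tr '[:upper:]' '[:lower:]') in
        sha224|sha256|sha384|sha512) ;;
        md5|sha1) echo "ERROR: DEFAULT_MD=$md is not trusted for signing" >&2; rc=1 ;;
        *) echo "ERROR: DEFAULT_MD=$md is not in this example's allow-list" >&2; rc=1 ;;
    esac

    # If openssl is installed, confirm each curve name exists in this build.
    if command -v openssl >/dev/null 2>&1; then
        supported=$(openssl ecparam -list_curves 2>/dev/null) || supported=""
        for c in $curves; do
            if ! printf '%s\n' "$supported" | grep -q "^ *$c *:"; then
                echo "ERROR: curve '$c' is not supported by this openssl" >&2
                rc=1
            fi
        done
    fi
    return "$rc"
}

# The README's defaults.
DEFAULT_ROOTCA_DAYS=3652
DEFAULT_SUBCA_DAYS=732
DEFAULT_MD="sha256"
EC_KEYS="secp224r1 secp384r1 secp521r1"
if check_ca_config "$DEFAULT_ROOTCA_DAYS" "$DEFAULT_SUBCA_DAYS" "$DEFAULT_MD" "$EC_KEYS"; then
    echo "CA configuration OK"
fi
```

The curve check runs only when `openssl` is on the PATH, so a curve missing from the local build is reported before any key generation starts.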
Special thanks to https://pki-tutorial.readthedocs.io for some guidance on how to create the openssl configuration files.