File tree Expand file tree Collapse file tree 2 files changed +11
-6
lines changed
Expand file tree Collapse file tree 2 files changed +11
-6
lines changed Original file line number Diff line number Diff line change @@ -264,7 +264,7 @@ openssl req -inform der -in ./csr_response.der -out csr_response.req
264264You can now sign the CSR
265265
266266``` shell
267- openssl x509 -req -in csr_response.req -out csr_response.cert -CA ./certs/slot0/inter.der -sha384 -days 3650 -set_serial 3 -extensions v3_inter -extfile ./certs/openssl-alias .cnf
267+ openssl x509 -req -in csr_response.req -out csr_response.cert -CA ./certs/slot0/inter.der -sha384 -days 3650 -set_serial 3 -extensions alias_ca -extfile ./certs/openssl.cnf
268268```
269269
270270Then convert the certificate back to DER
Original file line number Diff line number Diff line change 5353 # "Test Device CA" but for other slots it might be the signed CSR
5454 # from set certificate.
5555
56- while openssl x509; do : ; done < immutable.der | tail -14 > custom_device.cert
57- openssl x509 -req -in ../slot0/alias.req -out alias.cert -CA custom_device.cert -CAkey ../slot0/device.key -sha384 -days 3650 -set_serial 3 -extensions v3_inter -extfile ../openssl-alias.cnf
58-
59- openssl x509 -req -in ../slot0/end_requester.req -out end_requester.cert -CA alias.cert -CAkey ../slot0/alias.key -sha384 -days 3650 -set_serial 4 -extensions v3_end -extfile ../openssl-alias.cnf
60- openssl x509 -req -in ../slot0/end_responder.req -out end_responder.cert -CA alias.cert -CAkey ../slot0/alias.key -sha384 -days 3650 -set_serial 5 -extensions v3_end -extfile ../openssl-alias.cnf
56+ while openssl x509; do echo " %" ; done < immutable.der | awk '
57+ /-----BEGIN CERTIFICATE-----/ { f=1; rec="" }
58+ f { rec = rec $0 ORS }
59+ /-----END CERTIFICATE-----/ { f=0 }
60+ END { if (f=="0") printf "%s", rec }
61+ ' > custom_device.cert
62+ openssl x509 -req -in ../slot0/alias.req -out alias.cert -CA custom_device.cert -CAkey ../slot0/device.key -sha384 -days 3650 -set_serial 3 -extensions alias_ca -extfile ../openssl.cnf
63+
64+ openssl x509 -req -in ../slot0/end_requester.req -out end_requester.cert -CA alias.cert -CAkey ../slot0/alias.key -sha384 -days 3650 -set_serial 4 -extensions leaf -extfile ../openssl.cnf
65+ openssl x509 -req -in ../slot0/end_responder.req -out end_responder.cert -CA alias.cert -CAkey ../slot0/alias.key -sha384 -days 3650 -set_serial 5 -extensions leaf -extfile ../openssl.cnf
6166
6267 # Generate der files
6368 openssl asn1parse -in alias.cert -out alias.cert.der
You can’t perform that action at this time.
0 commit comments