Page History

# Specify key name used for file names
key_name=signing

# Step 1 - Generate Private Key and Certificate Signing Request
openssl req -new -sha256 -config <(cat openssl-cert.config <(printf "\n[SAN]\nnsCertType = objsign\nkeyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\n\nextendedKeyUsage = critical, codeSigning\n\nsubjectKeyIdentifier = hash\n")) \
	-keynodes -keyout ${key_name}.key -out ${key_name}.csr

# Step 2 - Generate and sign the Signing Certificate
openssl x509 -req \
    -in ${key_name}.csr \
    -CA signing-ca.crt \
    -CAkey signing-ca.key \
    -CAcreateserial \
    -out ${key_name}.crt -days 7300 \
    -extfile <(printf 'nsCertType = objsign\nkeyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment\n\n\nextendedKeyUsage = critical, codeSigning\n\nsubjectKeyIdentifier = hash\n' "${key_name}")