diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2012-09-09 20:47:36 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-09-09 20:47:36 +0000 |
commit | 61d24f102d114a001fc8942bcb27620a242ec4c5 (patch) | |
tree | 2aa5ab2e0a1c89fcf989190b452b5679d233641b /demos/certs | |
parent | 79b184fb4b65d501352a189ff102b509e14e62ca (diff) |
update README
Diffstat (limited to 'demos/certs')
-rw-r--r-- | demos/certs/README | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/demos/certs/README b/demos/certs/README index d022d0afc0..126663a1d8 100644 --- a/demos/certs/README +++ b/demos/certs/README @@ -3,7 +3,19 @@ a script. This is often a cause for confusion which can result in incorrect CA certificates, obsolete V1 certificates or duplicate serial numbers. The range of command line options can be daunting for a beginner. -This is a simple example of how to generate certificates automatically -using scripts. Example creates a root CA, a server certificate signed by -the root, an intermediate CA signed by the root and finally a client -certificate signed by the intermediate CA. +The mkcerts.sh script is an example of how to generate certificates +automatically using scripts. Example creates a root CA, an intermediate CA +signed by the root and several certificates signed by the intermediate CA. + +The script then creates an empty index.txt file and adds entries for the +certificates and generates a CRL. Then one certificate is revoked and a +second CRL generated. + +The script ocsprun.sh runs the test responder on port 8888 covering the +client certificates. + +The script ocspquery.sh queries the status of the certificates using the +test responder. + + + |