mirror of
https://github.com/rn10950/RetroZilla.git
synced 2024-11-13 11:10:13 +01:00
30d33aa8e8
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
509 lines
8.0 KiB
Bash
509 lines
8.0 KiB
Bash
#!/bin/sh
|
|
#
|
|
# This Source Code Form is subject to the terms of the Mozilla Public
|
|
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
mkdir tmp
|
|
cd tmp
|
|
dd if=/dev/urandom bs=512 count=1 of=noise
|
|
echo "" > pwfile
|
|
|
|
certutil -d . -N -f pwfile
|
|
|
|
certutil -S -z noise -g 1024 -d . -n ca -s "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t C,C,C -x -m 1 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
|
|
5
|
|
6
|
|
9
|
|
n
|
|
y
|
|
|
|
n
|
|
5
|
|
6
|
|
7
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
certutil -S -z noise -g 1024 -d . -n ica -s "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ca -m 20 -w -1 -v 118 -1 -2 -5 --extNC <<CERTSCRIPT
|
|
5
|
|
6
|
|
9
|
|
n
|
|
y
|
|
|
|
n
|
|
3
|
|
.example
|
|
1
|
|
n
|
|
n
|
|
5
|
|
6
|
|
7
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
certutil -S -z noise -g 1024 -d . -n server1 -s "CN=test.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica -m 40 -v 115 -1 -2 -5 -8 test.invalid <<CERTSCRIPT
|
|
0
|
|
2
|
|
3
|
|
4
|
|
9
|
|
n
|
|
n
|
|
|
|
y
|
|
0
|
|
1
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
certutil -S -z noise -g 1024 -d . -n server2 -s "CN=another_test.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica -m 41 -v 115 -1 -2 -5 <<CERTSCRIPT
|
|
0
|
|
2
|
|
3
|
|
4
|
|
9
|
|
n
|
|
n
|
|
|
|
y
|
|
0
|
|
1
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
certutil -S -z noise -g 1024 -d . -n server3 -s "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica -m 42 -v 115 -1 -2 -5 -8 test.example <<CERTSCRIPT
|
|
0
|
|
2
|
|
3
|
|
4
|
|
9
|
|
n
|
|
n
|
|
|
|
y
|
|
0
|
|
1
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
certutil -S -z noise -g 1024 -d . -n ica2 -s "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica -m 21 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
|
|
5
|
|
6
|
|
9
|
|
n
|
|
y
|
|
|
|
n
|
|
5
|
|
6
|
|
7
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
certutil -S -z noise -g 1024 -d . -n server4 -s "CN=test2.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica2 -m 50 -v 115 -1 -2 -5 -8 test.invalid <<CERTSCRIPT
|
|
0
|
|
2
|
|
3
|
|
4
|
|
9
|
|
n
|
|
n
|
|
|
|
y
|
|
0
|
|
1
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
certutil -S -z noise -g 1024 -d . -n server5 -s "CN=another_test2.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica2 -m 51 -v 115 -1 -2 -5 <<CERTSCRIPT
|
|
0
|
|
2
|
|
3
|
|
4
|
|
9
|
|
n
|
|
n
|
|
|
|
y
|
|
0
|
|
1
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
|
|
certutil -S -z noise -g 1024 -d . -n server6 -s "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica2 -m 52 -v 115 -1 -2 -5 -8 test.example <<CERTSCRIPT
|
|
0
|
|
2
|
|
3
|
|
4
|
|
9
|
|
n
|
|
n
|
|
|
|
y
|
|
0
|
|
1
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
certutil -S -z noise -g 1024 -d . -n ica3 -s "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ca -m 21 -w -1 -v 118 -1 -2 -5 --extNC <<CERTSCRIPT
|
|
5
|
|
6
|
|
9
|
|
n
|
|
y
|
|
|
|
n
|
|
3
|
|
foo.example
|
|
1
|
|
y
|
|
5
|
|
O=Foo,st=ca,c=us
|
|
1
|
|
n
|
|
n
|
|
5
|
|
6
|
|
7
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
certutil -S -z noise -g 1024 -d . -n ica4 -s "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" -t ,, -c ica3 -m 61 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
|
|
5
|
|
6
|
|
9
|
|
n
|
|
y
|
|
|
|
n
|
|
5
|
|
6
|
|
7
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
certutil -S -z noise -g 1024 -d . -n server7 -s "CN=bat.foo.example,ou=bar,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 41 -v 115 -1 -2 -5 <<CERTSCRIPT
|
|
0
|
|
2
|
|
3
|
|
4
|
|
9
|
|
n
|
|
n
|
|
|
|
y
|
|
0
|
|
1
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
certutil -S -z noise -g 1024 -d . -n server8 -s "CN=bat.foo.example,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 42 -v 115 -1 -2 -5 <<CERTSCRIPT
|
|
0
|
|
2
|
|
3
|
|
4
|
|
9
|
|
n
|
|
n
|
|
|
|
y
|
|
0
|
|
1
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
certutil -S -z noise -g 1024 -d . -n server9 -s "CN=bat.foo.example,O=Foo,C=US" -t ,, -c ica4 -m 43 -v 115 -1 -2 -5 <<CERTSCRIPT
|
|
0
|
|
2
|
|
3
|
|
4
|
|
9
|
|
n
|
|
n
|
|
|
|
y
|
|
0
|
|
1
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
certutil -S -z noise -g 1024 -d . -n server10 -s "CN=bar.example,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 44 -v 115 -1 -2 -5 <<CERTSCRIPT
|
|
0
|
|
2
|
|
3
|
|
4
|
|
9
|
|
n
|
|
n
|
|
|
|
y
|
|
0
|
|
1
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
certutil -S -z noise -g 1024 -d . -n server11 -s "CN=site.example,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 45 -v 115 -1 -2 -5 -8 foo.example <<CERTSCRIPT
|
|
0
|
|
2
|
|
3
|
|
4
|
|
9
|
|
n
|
|
n
|
|
|
|
y
|
|
0
|
|
1
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
certutil -S -z noise -g 1024 -d . -n server12 -s "CN=Honest Achmed,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 46 -v 115 -1 -2 -5 <<CERTSCRIPT
|
|
0
|
|
2
|
|
3
|
|
4
|
|
9
|
|
n
|
|
n
|
|
|
|
y
|
|
0
|
|
1
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
certutil -S -z noise -g 1024 -d . -n ica5 -s "CN=NSS Intermediate CA 2,O=OtherOrg,ST=CA,C=US" -t ,, -c ica3 -m 62 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
|
|
5
|
|
6
|
|
9
|
|
n
|
|
y
|
|
|
|
n
|
|
5
|
|
6
|
|
7
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
certutil -S -z noise -g 1024 -d . -n server13 -s "CN=bat.foo.example,O=OtherOrg,ST=CA,C=US" -t ,, -c ica5 -m 41 -v 115 -1 -2 -5 <<CERTSCRIPT
|
|
0
|
|
2
|
|
3
|
|
4
|
|
9
|
|
n
|
|
n
|
|
|
|
y
|
|
0
|
|
1
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
certutil -S -z noise -g 1024 -d . -n server14 -s "CN=another.foo.example,O=Foo,ST=CA,C=US" -t ,, -c ica5 -m 490 -v 115 -1 -2 -5 <<CERTSCRIPT
|
|
0
|
|
2
|
|
3
|
|
4
|
|
9
|
|
n
|
|
n
|
|
|
|
y
|
|
0
|
|
1
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
certutil -S -z noise -g 1024 -d . -n ncca -s "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View,ST=CA,C=US" -t C,C,C -x -m 2 -w -1 -v 118 -1 -2 -5 --extNC <<CERTSCRIPT
|
|
5
|
|
6
|
|
9
|
|
n
|
|
y
|
|
|
|
n
|
|
3
|
|
.example
|
|
1
|
|
n
|
|
n
|
|
5
|
|
6
|
|
7
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
certutil -S -z noise -g 1024 -d . -n ica6 -s "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" -t ,, -c ncca -m 63 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
|
|
5
|
|
6
|
|
9
|
|
n
|
|
y
|
|
|
|
n
|
|
5
|
|
6
|
|
7
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
certutil -S -z noise -g 1024 -d . -n server15 -s "CN=testfoo.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica6 -m 64 -v 115 -1 -2 -5 -8 testfoo.invalid <<CERTSCRIPT
|
|
0
|
|
2
|
|
3
|
|
4
|
|
9
|
|
n
|
|
n
|
|
|
|
y
|
|
0
|
|
1
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
certutil -S -z noise -g 1024 -d . -n server16 -s "CN=another_test3.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica6 -m 65 -v 115 -1 -2 -5 <<CERTSCRIPT
|
|
0
|
|
2
|
|
3
|
|
4
|
|
9
|
|
n
|
|
n
|
|
|
|
y
|
|
0
|
|
1
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
certutil -S -z noise -g 1024 -d . -n server17 -s "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica6 -m 66 -v 115 -1 -2 -5 -8 test4.example <<CERTSCRIPT
|
|
0
|
|
2
|
|
3
|
|
4
|
|
9
|
|
n
|
|
n
|
|
|
|
y
|
|
0
|
|
1
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
#DCISS copy certs
|
|
certutil -S -z noise -g 2048 -d . -n dcisscopy -s "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR" -t C,C,C -x -m 998899 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
|
|
5
|
|
6
|
|
9
|
|
n
|
|
y
|
|
|
|
n
|
|
5
|
|
6
|
|
7
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
#the following cert MUST not pass
|
|
certutil -S -z noise -g 2048 -d . -n dcissblocked -s "CN=foo.example.com,O=Foo,ST=CA,C=US" -t ,, -c dcisscopy -m 998900 -v 120 -1 -2 -5 <<CERTSCRIPT
|
|
0
|
|
2
|
|
3
|
|
4
|
|
9
|
|
n
|
|
n
|
|
|
|
y
|
|
0
|
|
1
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
#the following cert MUST not pass
|
|
certutil -S -z noise -g 2048 -d . -n dcissallowed -s "CN=foo.example.fr,O=Foo,ST=CA,C=US" -t ,, -c dcisscopy -m 998901 -v 120 -1 -2 -5 <<CERTSCRIPT
|
|
0
|
|
2
|
|
3
|
|
4
|
|
9
|
|
n
|
|
n
|
|
|
|
y
|
|
0
|
|
1
|
|
9
|
|
n
|
|
CERTSCRIPT
|
|
|
|
|
|
|
|
certutil -d . -L -n ca -r > NameConstraints.ca.cert
|
|
certutil -d . -L -n ica -r > NameConstraints.intermediate.cert
|
|
certutil -d . -L -n server1 -r > NameConstraints.server1.cert
|
|
certutil -d . -L -n server2 -r > NameConstraints.server2.cert
|
|
certutil -d . -L -n server3 -r > NameConstraints.server3.cert
|
|
certutil -d . -L -n ica2 -r > NameConstraints.intermediate2.cert
|
|
certutil -d . -L -n server4 -r > NameConstraints.server4.cert
|
|
certutil -d . -L -n server5 -r > NameConstraints.server5.cert
|
|
certutil -d . -L -n server6 -r > NameConstraints.server6.cert
|
|
certutil -d . -L -n ica3 -r > NameConstraints.intermediate3.cert
|
|
certutil -d . -L -n ica4 -r > NameConstraints.intermediate4.cert
|
|
certutil -d . -L -n server7 -r > NameConstraints.server7.cert
|
|
certutil -d . -L -n server8 -r > NameConstraints.server8.cert
|
|
certutil -d . -L -n server9 -r > NameConstraints.server9.cert
|
|
certutil -d . -L -n server10 -r > NameConstraints.server10.cert
|
|
certutil -d . -L -n server11 -r > NameConstraints.server11.cert
|
|
certutil -d . -L -n server11 -r > NameConstraints.server11.cert
|
|
certutil -d . -L -n server12 -r > NameConstraints.server12.cert
|
|
certutil -d . -L -n ica5 -r > NameConstraints.intermediate5.cert
|
|
certutil -d . -L -n server13 -r > NameConstraints.server13.cert
|
|
certutil -d . -L -n server14 -r > NameConstraints.server14.cert
|
|
certutil -d . -L -n ncca -r > NameConstraints.ncca.cert
|
|
certutil -d . -L -n ica6 -r > NameConstraints.intermediate6.cert
|
|
certutil -d . -L -n server15 -r > NameConstraints.server15.cert
|
|
certutil -d . -L -n server16 -r > NameConstraints.server16.cert
|
|
certutil -d . -L -n server17 -r > NameConstraints.server17.cert
|
|
certutil -d . -L -n dcisscopy -r > NameConstraints.dcisscopy.cert
|
|
certutil -d . -L -n dcissblocked -r > NameConstraints.dcissblocked.cert
|
|
certutil -d . -L -n dcissallowed -r > NameConstraints.dcissallowed.cert
|
|
|
|
echo "Created multiple files in subdirectory tmp: NameConstraints.ca.cert NameConstraints.intermediate.cert NameConstraints.server1.cert NameConstraints.server2.cert NameConstraints.server3.cert NameConstraints.intermediate2.cert NameConstraints.server4.cert NameConstraints.server5.cert NameConstraints.server6.cert"
|