#!/bin/bash -e

wget -nc https://raw.githubusercontent.com/redhat-qe-security/certgen/refs/heads/master/certgen/lib.sh
source lib.sh

x509KeyGen ca
x509KeyGen server
x509KeyGen client
x509SelfSign --notAfter "13 years" -t ca ca
x509CertSign --notAfter "13 years" --CA ca -t webserver server
x509CertSign --notAfter "13 years" --CA ca -t webclient client

openssl x509 -in ca/cert.pem -text -noout
openssl x509 -in server/cert.pem -text -noout
openssl x509 -in client/cert.pem -text -noout
openssl verify -CAfile ca/cert.pem server/cert.pem
openssl verify -CAfile ca/cert.pem client/cert.pem
