From aa4d426b4d3527d7e166df1a05058c9a4a0f6683 Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <wk@koszkonutek-tmp.pl.eu.org>
Date: Fri, 30 Apr 2021 00:33:56 +0200
Subject: initial/final commit

---
 openssl-1.1.0h/demos/certs/README | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 openssl-1.1.0h/demos/certs/README

(limited to 'openssl-1.1.0h/demos/certs/README')

diff --git a/openssl-1.1.0h/demos/certs/README b/openssl-1.1.0h/demos/certs/README
new file mode 100644
index 0000000..126663a
--- /dev/null
+++ b/openssl-1.1.0h/demos/certs/README
@@ -0,0 +1,21 @@
+There is often a need to generate test certificates automatically using
+a script. This is often a cause for confusion which can result in incorrect
+CA certificates, obsolete V1 certificates or duplicate serial numbers.
+The range of command line options can be daunting for a beginner.
+
+The mkcerts.sh script is an example of how to generate certificates
+automatically using scripts. Example creates a root CA, an intermediate CA
+signed by the root and several certificates signed by the intermediate CA.
+
+The script then creates an empty index.txt file and adds entries for the
+certificates and generates a CRL. Then one certificate is revoked and a 
+second CRL generated.
+
+The script ocsprun.sh runs the test responder on port 8888 covering the
+client certificates.
+
+The script ocspquery.sh queries the status of the certificates using the
+test responder.
+
+
+
-- 
cgit v1.2.3