From 61d24f102d114a001fc8942bcb27620a242ec4c5 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 9 Sep 2012 20:47:36 +0000 Subject: [PATCH] update README --- demos/certs/README | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/demos/certs/README b/demos/certs/README index d022d0afc0..126663a1d8 100644 --- a/demos/certs/README +++ b/demos/certs/README @@ -3,7 +3,19 @@ a script. This is often a cause for confusion which can result in incorrect CA certificates, obsolete V1 certificates or duplicate serial numbers. The range of command line options can be daunting for a beginner. -This is a simple example of how to generate certificates automatically -using scripts. Example creates a root CA, a server certificate signed by -the root, an intermediate CA signed by the root and finally a client -certificate signed by the intermediate CA. +The mkcerts.sh script is an example of how to generate certificates +automatically using scripts. Example creates a root CA, an intermediate CA +signed by the root and several certificates signed by the intermediate CA. + +The script then creates an empty index.txt file and adds entries for the +certificates and generates a CRL. Then one certificate is revoked and a +second CRL generated. + +The script ocsprun.sh runs the test responder on port 8888 covering the +client certificates. + +The script ocspquery.sh queries the status of the certificates using the +test responder. + + + -- 2.40.0