# Commented-out helper that builds a fake two-level certificate chain
# (root -> ca) with keytool, using PKCS12 keystores root.p12 and ca.p12.
# Every line below is a comment, so nothing here runs as written.
#
# NOTE(review): the keystore password is hard-coded and handed to keytool via
#   -storepass/-keypass on the command line, where it lands in version control
#   and in process listings. If this is revived, read it from the environment
#   or a protected file (keytool accepts -storepass:env NAME and
#   -storepass:file PATH, likewise for -keypass) and quote "$PASSWORD".
# NOTE(review): root and ca use the same DN (cn=egommerce.local), so the ca
#   certificate's issuer and subject are identical and it looks self-issued to
#   chain builders; distinct DNs for root and ca avoid that ambiguity.
# NOTE(review): the generated *.p12 files hold CA private keys; keep them out
#   of the repository and restrict their file permissions.
#
# #!/bin/sh
#
# # Based on: https://gist.github.com/granella/01ba0944865d99227cf080e97f4b3cb6
#
# PASSWORD=V3ryS3cr3tP4ssw0rd
#
# echo "===================================================="
# echo "Creating fake third-party chain root -> ca"
# echo "===================================================="
#
# # generate private keys (for root and ca)
# # (-ext bc:c marks BasicConstraints critical; with no value keytool uses ca:true)
# keytool -genkeypair -alias root -dname "cn=egommerce.local" -validity 3650 -keyalg RSA -keysize 2048 -ext bc:c -storetype PKCS12 -keystore root.p12 -keypass $PASSWORD -storepass $PASSWORD
# keytool -genkeypair -alias ca -dname "cn=egommerce.local" -validity 3650 -keyalg RSA -keysize 2048 -ext bc:c -storetype PKCS12 -keystore ca.p12 -keypass $PASSWORD -storepass $PASSWORD
#
# # generate root certificate
# # (exports the self-signed root certificate as PEM; no private key is written)
# keytool -exportcert -rfc -storetype PKCS12 -keystore root.p12 -alias root -storepass $PASSWORD > root.pem
#
# # generate a certificate for ca signed by root (root -> ca)
# # NOTE(review): -ext bc=0 is shorthand for ca:true,pathlen:0 but is not marked
# #   critical; RFC 5280 expects BasicConstraints to be critical on CA
# #   certificates, so bc:c=0 looks like the intended form -- confirm.
# keytool -storetype PKCS12 -keystore ca.p12 -storepass $PASSWORD -certreq -alias ca \
#   | keytool -storetype PKCS12 -keystore root.p12 -storepass $PASSWORD -gencert -alias root -ext bc=0 -ext san=dns:ca -rfc > ca.pem
#
# # import ca cert chain into ca.p12
# # (root.pem goes in first as a trusted entry so the ca reply can chain to it)
# keytool -storetype PKCS12 -keystore ca.p12 -storepass $PASSWORD -importcert -trustcacerts -noprompt -alias root -file root.pem
# keytool -storetype PKCS12 -keystore ca.p12 -storepass $PASSWORD -importcert -alias ca -file ca.pem
#
# # NOTE(review): -extensions v3_ca names a config section, but no -extfile is
# #   given below; verify the CA extensions really end up in the certificate.
# # openssl req -new -keyout api-registry-ca.key -out api-registry-ca.req
# # openssl x509 -signkey api-registry-ca.key -req -days 3650 -in api-registry-ca.req -out api-registry-ca.crt -extensions v3_ca
#
# #####
# #
# # NOTE(review): the command below has no -keystore, so keytool would write to
# #   the user's default keystore, and it embeds the password as a literal.
# #   It also sets no -ext bc and no -validity, so the result would not be
# #   marked as a CA and would get keytool's default lifetime.
# # keytool -alias root -dname "cn=RootCA, ou=Root_CertificateAuthority, o=CertificateAuthority, c=IN" -genkeypair -storepass "V3ryS3cr3tP4ssw0rd" -keyalg RSA