poc-browser-csr-generation/setup_example_ca.sh

#!/bin/sh

if [ ! -d "exampleca" ]; then
  mkdir -p exampleca/newcerts
  touch exampleca/index.txt
  umask 077
  mkdir exampleca/private
  openssl req -new -x509 -keyout exampleca/private/ca.key.pem -out exampleca/ca.crt.pem -days 3650 \
    -subj "/CN=Example CA" -nodes -newkey rsa:3072 -addext "basicConstraints=critical,CA:true,pathlen:0"
  chmod +r exampleca/ca.crt.pem
fi