README

1. Files list

 cakey.pem	Root CA private key
 cacert.pem  	Root CA for cakey.pem
 ca2key.pem	RSA private key
 ca2cert.pem 	Second-level RSA cert for ca2key.pem
 dsakey.pem	DSA private key
 dsacert.pem 	Third level DSA cert for dsakey.pem
 rsakey.pem	RSA private key
 rsacert.pem 	Third level RSA cert for rsacert.pem
 hmackey.bin	HMAC key ('secret')
 expired.key	key for expired cert 
 expired.crt	expired certificate 

2. How certificates were generated:

 A. Create new CA 
    > CA.pl -newca
    > cp ./demoCA/cacert.pem .
    > cp ./demoCA/private/cakey.pem .
    > openssl x509 -text -in cacert.pem

 B. Generate RSA key and second level CA
    > openssl genrsa -out ca2key.pem
    > openssl req -new -key ca2key.pem -out ca2req.pem
    > openssl ca -cert cacert.pem -keyfile cakey.pem \
	    -out ca2cert.pem -infiles ca2req.pem
    > openssl verify -CAfile cacert.pem ca2cert.pem

 C. Generate and sign DSA key with second level CA
    > penssl dsaparam -out dsakey.pem -genkey 512
    > openssl req -new -key dsakey.pem -out dsareq.pem
    > openssl ca -cert ca2cert.pem -keyfile ca2key.pem \
	    -out dsacert.pem -infiles dsareq.pem
    > openssl verify -CAfile cacert.pem -untrusted ca2cert.pem dsacert.pem

 D. Generate and sign RSA key with second level CA
    > openssl genrsa -out rsakey.pem
    > openssl req -new -key rsakey.pem -out rsareq.pem
    > openssl ca -cert ca2cert.pem -keyfile ca2key.pem \
	    -out rsacert.pem -infiles rsareq.pem
    > openssl verify -CAfile cacert.pem -untrusted ca2cert.pem rsacert.pem

