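#!/bin/bash
#
# Builds a three-tier PKI in the current directory:
#   root.key         / root.crt               self-signed root CA (RSA 4096, 3650 days)
#   intermediate.key / intermediateSIGNED.crt  CA signed by the root (RSA 2048, 3650 days)
#   topLevel.key     / topLevelSIGNED.crt      end-entity cert signed by the
#                                              intermediate (RSA 2048, 730 days)
#   bundle.crt                                 intermediate + root, concatenated
#
# Every key is written AES-256 encrypted, so openssl prompts for passphrases
# (and for the subject fields of each request); the script is interactive.

# Options go in `set`, not the shebang, so they still apply when the script is
# started as `bash script.sh`. Tracing (-x) is safe here only because no
# passphrase is ever passed on a command line.
set -euxo pipefail

# Key material must not be readable by other local users, whatever mode the
# installed openssl build applies by default. Certificates are public and can
# be chmod'ed afterwards if they need to be world-readable.
umask 077

# `openssl x509 -req -extensions SECTION` reads SECTION from the file given
# with -extfile; without -extfile no extensions are added at all, so the
# original `-extensions v3_ca` had no effect and the intermediate carried no
# basicConstraints. The sections are defined explicitly here.
ext_file=$(mktemp)
trap 'rm -f -- "$ext_file"' EXIT
cat > "$ext_file" <<'EOF'
[v3_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer

[v3_leaf]
basicConstraints = critical, CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
EOF
# NOTE(review): the leaf's purpose is not visible from this script; add
# keyUsage / extendedKeyUsage / subjectAltName to [v3_leaf] to match it.

# --- Root CA -----------------------------------------------------------------
openssl genrsa -aes256 -out root.key 4096
# Extensions of the self-signed root come from the x509_extensions setting of
# the openssl configuration in use (presumably a CA profile; confirm in the
# text dump below).
openssl req -key root.key -new -x509 -days 3650 -sha256 -out root.crt

# --- Intermediate CA ---------------------------------------------------------
openssl genrsa -aes256 -out intermediate.key 2048
openssl req -new -sha256 -key intermediate.key -out intermediate.csr
# pathlen:0 in [v3_ca]: the intermediate may issue end-entity certificates
# but not further CAs. -CAcreateserial creates the serial file if missing.
openssl x509 -req -in intermediate.csr \
  -extfile "$ext_file" -extensions v3_ca \
  -CA root.crt -CAkey root.key -CAcreateserial \
  -out intermediateSIGNED.crt -days 3650 -sha256

cat intermediateSIGNED.crt root.crt > bundle.crt

# --- End-entity certificate --------------------------------------------------
openssl genrsa -aes256 -out topLevel.key 2048
openssl req -new -sha256 -key topLevel.key -out topLevel.csr
# Issued with CA:FALSE: the original requested the v3_ca section for the leaf
# as well, which would mark an end-entity key as a certificate authority once
# extensions are actually applied.
openssl x509 -req -in topLevel.csr \
  -extfile "$ext_file" -extensions v3_leaf \
  -CA intermediateSIGNED.crt -CAkey intermediate.key -CAcreateserial \
  -out topLevelSIGNED.crt -days 730 -sha256

# --- Inspection --------------------------------------------------------------
# Check "X509v3 Basic Constraints" in each dump: CA:TRUE for root and
# intermediate, CA:FALSE for the leaf.
openssl x509 -noout -text -in topLevelSIGNED.crt
openssl x509 -noout -text -in intermediateSIGNED.crt
openssl x509 -noout -text -in root.crt

# --- Chain verification ------------------------------------------------------
# Only the root is a trust anchor; the intermediate is supplied as an
# untrusted chain element so that it is itself validated as a CA.
openssl verify -CAfile root.crt -untrusted intermediateSIGNED.crt topLevelSIGNED.crt
openssl verify -CAfile root.crt intermediateSIGNED.crt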