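#!/bin/bash
#
# GmSSL demo: create a self-signed SM2 CA, then issue two end-entity
# certificates for the same subject (CN=Alice), one for signing and one for
# encryption, that differ only in their KeyUsage extension.
#
# Files written to the current directory:
#   cakey.pem   cacert.pem
#   signkey.pem signreq.pem signcert.pem
#   enckey.pem  encreq.pem  enccert.pem
#   pubkey.pem  (overwritten by every sm2keygen call; only the last one remains)
#
# Demo only: the private-key password is a fixed, weak value and is passed on
# the command line, so it is visible in the process list and in the trace
# output enabled below. Do not reuse this pattern for real key material.

# Stop at the first failing step so a later step never signs with stale
# key or request files left over from a previous run.
set -e
# Trace every command (was "-x" on the shebang line, which is lost when the
# script is started as "bash script.sh").
set -x

readonly key_pass=1234

# generate self-signed CA certificate
gmssl sm2keygen -pass "$key_pass" -out cakey.pem -pubout pubkey.pem
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN CA -days 365 \
  -key cakey.pem -pass "$key_pass" -out cacert.pem
gmssl certparse -in cacert.pem

# generate a signing request for Alice and have the CA sign it
gmssl sm2keygen -pass "$key_pass" -out signkey.pem -pubout pubkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Alice -days 365 \
  -key signkey.pem -pass "$key_pass" -out signreq.pem
gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature \
  -cacert cacert.pem -key cakey.pem -pass "$key_pass" -out signcert.pem
gmssl certparse -in signcert.pem

# sign an encryption certificate with the same DN but a different KeyUsage
# extension. The original passed digitalSignature here as well, which made
# the "encryption" certificate a second signing certificate; a verifier that
# enforces KeyUsage would refuse to use it for key encipherment.
gmssl sm2keygen -pass "$key_pass" -out enckey.pem -pubout pubkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Alice -days 365 \
  -key enckey.pem -pass "$key_pass" -out encreq.pem
gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment \
  -cacert cacert.pem -key cakey.pem -pass "$key_pass" -out enccert.pem
gmssl certparse -in enccert.pem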