The usage is almost the same as CA.sh, plus some EC-specific commands.
    ecCA.sh -h
    usage: ecCA.sh [-curve name] -list-curves|-newcert|-newreq|-newreq-nodes|-newca|-sign|-pkcs12|-verify
Use -list-curves to list all the supported curves. The default CA curve is secp521r1 and the default certificate curve is prime256v1.
Here are some simple steps to create an EC CA and a signed EC certificate.
- Run "ecCA.sh -newca", which will ask you a series of questions to create your CA certificate. You can accept the defaults, but remember to enter a common name for the certificate, otherwise you won't be able to create one. A demoCA subdirectory will be created under the current directory.
- Run "ecCA.sh -newreq" and answer the questions. You will have a new key and certificate request named "newkey.pem" and "newreq.pem".
- Run "ecCA.sh -sign" and follow the instructions. You will have a signed certificate "newcert.pem".
- Run "ecCA.sh -pkcs12", which creates a PKCS12-formatted file "newcert.p12" that can be used to import the certificate into a browser.
You can download the ecCA.sh script here.
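The same four steps written out as plain openssl commands, as an added example that is not the contents of ecCA.sh. It keeps the post's curves and output file names; ca.key, ca.pem, ec.cnf, the subject names, the explicit CA:TRUE/CA:FALSE extensions and the PKCS12 password are constructed for this illustration.

```shell
# Added example: openssl equivalents of the ecCA.sh steps (not the script's own code).
# ca.key, ca.pem, ec.cnf, the subjects and the password are constructed placeholders.
build_ec_chain() (   # $1 = empty working directory
  set -e
  cd "$1"
  umask 077          # keys are written unencrypted; keep them owner-only
  cat > ec.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
EOF
  # -newca: CA key on secp521r1 plus a self-signed CA certificate
  openssl ecparam -name secp521r1 -genkey -noout -out ca.key
  openssl req -new -x509 -config ec.cnf -key ca.key -sha256 -days 365 \
    -subj "/CN=Example EC CA" -out ca.pem
  # -newreq: end-entity key on prime256v1 plus a certificate request
  openssl ecparam -name prime256v1 -genkey -noout -out newkey.pem
  openssl req -new -config ec.cnf -key newkey.pem \
    -subj "/CN=host.example.test" -out newreq.pem
  # -sign: the CA signs the request and marks the result as a non-CA certificate
  openssl x509 -req -in newreq.pem -CA ca.pem -CAkey ca.key -CAcreateserial \
    -sha256 -days 365 -extfile ec.cnf -extensions v3_leaf -out newcert.pem
  # -pkcs12: bundle key, certificate and CA certificate for browser import
  openssl pkcs12 -export -inkey newkey.pem -in newcert.pem -certfile ca.pem \
    -passout pass:constructed-demo-password -out newcert.p12
)

# Print the named curve of the public key inside a certificate.
cert_curve() {
  openssl x509 -in "$1" -noout -text | sed -n 's/^ *ASN1 OID: *//p'
}

# -verify: succeeds only if newcert.pem chains to ca.pem in directory $1.
verify_chain() {
  openssl verify -CAfile "$1/ca.pem" "$1/newcert.pem" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
build_ec_chain "$demo_dir"
verify_chain "$demo_dir" && echo "chain OK: CA=$(cert_curve "$demo_dir/ca.pem") leaf=$(cert_curve "$demo_dir/newcert.pem")"
rm -rf "$demo_dir"
```

Checking the curve with cert_curve after signing confirms that the CA and the end-entity certificate really use the curves you intended rather than whatever default was picked up.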