+echo verify request 1
+$reqcmd -config $dummycnf -verify -in $CAreq2 -noout || exit 1
+
+echo verify signature
+$verifycmd -CAfile $CAcert $CAcert || exit 1
+
+echo make a user cert request
+$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss || exit 1
+
+echo sign user cert request
+$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial -extfile $Uconf -extensions v3_ee >err.ss || exit 1
+$verifycmd -CAfile $CAcert $Ucert || exit 1
+
+echo Certificate details
+$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert || exit 1
+
+if ../util/shlib_wrap.sh ../apps/openssl no-dsa >/dev/null; then
+ echo skipping DSA certificate creation
+else
+ echo make a DSA user cert request
+ CN2="DSA Certificate" $reqcmd -config $Uconf -out $Dreq -keyout $Dkey $req_dsa >err.ss || exit 1
+
+ echo sign DSA user cert request
+ $x509cmd -CAcreateserial -in $Dreq -days 30 -req -out $Dcert -CA $CAcert -CAkey $CAkey -CAserial $CAserial -extfile $Uconf -extensions v3_ee_dsa >err.ss || exit 1
+ $verifycmd -CAfile $CAcert $Dcert || exit 1
+
+ echo DSA Certificate details
+ $x509cmd -subject -issuer -startdate -enddate -noout -in $Dcert || exit 1