author | Instrumental <jcgmisc@stl.gathman.org> | 2018-03-26 14:17:19 -0700 |
---|---|---|
committer | Instrumental <jcgmisc@stl.gathman.org> | 2018-03-26 14:17:24 -0700 |
commit | 31d847ed8562bc6169fd8c33af93302d67ab074e (patch) | |
tree | 9ba9d7d690134c5497bee82179f22cb93a54fc05 /conf/CA/intermediate.sh | |
parent | 0ed473b17619d749bbdf56ad17199e71fb04c2be (diff) |
AT&T 2.0.19 Code drop, stage 6
Issue-ID: AAF-197
Change-Id: I77f26db1f34bea217888faaa28d4dc79f6edb804
Signed-off-by: Instrumental <jcgmisc@stl.gathman.org>
Diffstat (limited to 'conf/CA/intermediate.sh')
-rw-r--r-- | conf/CA/intermediate.sh | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/conf/CA/intermediate.sh b/conf/CA/intermediate.sh
new file mode 100644
index 00000000..b2071504
--- /dev/null
+++ b/conf/CA/intermediate.sh
@@ -0,0 +1,57 @@
+#
+# Initialize a manual Cert. This is NOT entered in Certman Records
+#
+ if [ -e intermediate.serial ]; then
+ ((SERIAL=`cat intermediate.serial` + 1))
+ else
+ SERIAL=1
+ fi
+ echo $SERIAL > intermediate.serial
+DIR=intermediate_$SERIAL
+
+mkdir -p $DIR/private $DIR/certs $DIR/newcerts
+chmod 700 $DIR/private
+chmod 755 $DIR/certs $DIR/newcerts
+touch $DIR/index.txt
+if [ ! -e $DIR/serial ]; then
+ echo '01' > $DIR/serial
+fi
+cp manual.sh p12.sh subject.aaf $DIR
+
+if [ "$1" == "" ]; then
+ CN=intermediateCA_$SERIAL
+else
+ CN=$1
+fi
+
+SUBJECT="/CN=$CN`cat subject.aaf`"
+echo $SUBJECT
+ echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
+ echo "Enter the PassPhrase for the Key for $CN: "
+ `stty -echo`
+ read PASSPHRASE
+ `stty echo`
+
+ # Create a regaular rsa encrypted key
+ openssl req -new -newkey rsa:4096 -sha256 -keyout $DIR/private/ca.key \
+ -out $DIR/$CN.csr -outform PEM -subj "$SUBJECT" \
+ -passout stdin << EOF
+$PASSPHRASE
+EOF
+
+ chmod 400 $DIR/private/$CN.key
+ openssl req -verify -text -noout -in $DIR/$CN.csr
+
+ # Sign it
+ openssl ca -config openssl.conf -extensions v3_intermediate_ca \
+ -cert certs/ca.crt -keyfile private/ca.key -out $DIR/certs/ca.crt \
+ -infiles $DIR/$CN.csr
+
+ openssl x509 -text -noout -in $DIR/certs/ca.crt
+
+
+ openssl verify -CAfile certs/ca.crt $DIR/certs/ca.crt
+
+
+
+
|
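Review bot: The `chmod 400 $DIR/private/$CN.key` line targets a file this script never creates, because the key is written by `-keyout $DIR/private/ca.key`; the chmod fails and the intermediate CA key keeps whatever mode openssl and the current umask gave it. It should read `chmod 400 "$DIR/private/ca.key"`, ideally with `umask 077` set at the top so the key is never created with wider permissions. Nothing stops the script after a failed step, so a failed `openssl req` still falls through to `openssl ca` after `intermediate.serial` has already been bumped; `set -e` near the top, or `|| exit 1` on the req and ca calls, would stop that. The passphrase prompt would also be more robust as `trap 'stty echo' EXIT` followed by `stty -echo` and `read -r PASSPHRASE`, which restores echo on interrupt and keeps backslashes in the passphrase intact, instead of the backticked `stty` calls.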