diff options
author | Instrumental <jcgmisc@stl.gathman.org> | 2018-03-26 14:17:19 -0700 |
---|---|---|
committer | Instrumental <jcgmisc@stl.gathman.org> | 2018-03-26 14:17:24 -0700 |
commit | 31d847ed8562bc6169fd8c33af93302d67ab074e (patch) | |
tree | 9ba9d7d690134c5497bee82179f22cb93a54fc05 /conf/CA/manual.sh | |
parent | 0ed473b17619d749bbdf56ad17199e71fb04c2be (diff) |
AT&T 2.0.19 Code drop, stage 6
Issue-ID: AAF-197
Change-Id: I77f26db1f34bea217888faaa28d4dc79f6edb804
Signed-off-by: Instrumental <jcgmisc@stl.gathman.org>
Diffstat (limited to 'conf/CA/manual.sh')
-rw-r--r-- | conf/CA/manual.sh | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/conf/CA/manual.sh b/conf/CA/manual.sh new file mode 100644 index 00000000..bb891759 --- /dev/null +++ b/conf/CA/manual.sh @@ -0,0 +1,55 @@ +# +# Initialize a manual Cert. This is NOT entered in Certman Records +# +echo "FQI (Fully Qualified Identity): " +read FQI +if [ "$1" = "" -o "$1" = "-local" ]; then + echo "Personal Certificate" + SUBJECT="/CN=$FQI/OU=V1`cat subject.aaf`" +else + echo "Application Certificate" + SUBJECT="/CN=$1/OU=$FQI`cat subject.aaf`" + FQI=$1 + shift +fi +echo $SUBJECT + +if [ -e $FQI.csr ]; then + SIGN_IT=true +else + if [ "$1" = "-local" ]; then + echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'" + echo "Enter the PassPhrase for the Key for $FQI: " + `stty -echo` + read PASSPHRASE + `stty echo` + + # remove any previous Private key + rm private/$FQI.key + # Create j regaular rsa encrypted key + openssl req -new -newkey rsa:2048 -sha256 -keyout private/$FQI.key \ + -out $FQI.csr -outform PEM -subj "$SUBJECT" \ + -passout stdin << EOF +$PASSPHRASE +EOF + chmod 400 private/$FQI.key + SIGN_IT=true + else + echo openssl req -newkey rsa:4096 -sha256 -keyout $FQI.key -out $FQI.csr -outform PEM -subj '"'$SUBJECT'"' + echo chmod 400 $FQI.key + echo "# All done, print result" + echo openssl req -verify -text -noout -in $FQI.csr + fi +fi + +if [ "$SIGN_IT" = "true" ]; then + # Sign it + openssl ca -config ../openssl.conf -extensions server_cert -out $FQI.crt \ + -cert certs/ca.crt -keyfile private/ca.key \ + -policy policy_loose \ + -infiles $FQI.csr +fi + + + + |