summaryrefslogtreecommitdiffstats
path: root/conf/CA/manual.sh
diff options
context:
space:
mode:
authorInstrumental <jcgmisc@stl.gathman.org>2018-04-25 15:22:38 -0500
committerInstrumental <jcgmisc@stl.gathman.org>2018-04-25 15:22:42 -0500
commit97083efad62444366028813afa7e8e56a12ab8b6 (patch)
treefe4745c4af1f6817263ecc8d99d9e98d0e8e48fd /conf/CA/manual.sh
parent1efda07f5d8e14d028fddf62dec62c95af9c7342 (diff)
Update scripts per HEAT validation
Issue-ID: AAF-256 Change-Id: Ib44e0bc99072840a389522746983fbefbbce6744 Signed-off-by: Instrumental <jcgmisc@stl.gathman.org>
Diffstat (limited to 'conf/CA/manual.sh')
-rw-r--r--conf/CA/manual.sh22
1 files changed, 12 insertions, 10 deletions
diff --git a/conf/CA/manual.sh b/conf/CA/manual.sh
index eb391591..7b75fbc9 100644
--- a/conf/CA/manual.sh
+++ b/conf/CA/manual.sh
@@ -6,10 +6,12 @@ read FQI
if [ "$1" = "" -o "$1" = "-local" ]; then
echo "Personal Certificate"
SUBJECT="/CN=$FQI/OU=V1`cat subject.aaf`"
+ NAME=$FQI
else
echo "Application Certificate"
SUBJECT="/CN=$1/OU=$FQI`cat subject.aaf`"
- FQI=$1
+ FQDN=$1
+ NAME=$FQDN
shift
fi
echo $SUBJECT
@@ -25,30 +27,30 @@ else
`stty echo`
# remove any previous Private key
- rm private/$FQI.key
+ rm private/$NAME.key
# Create j regaular rsa encrypted key
- openssl req -new -newkey rsa:2048 -sha256 -keyout private/$FQI.key \
- -out $FQI.csr -outform PEM -subj "$SUBJECT" \
+ openssl req -new -newkey rsa:2048 -sha256 -keyout private/$NAME.key \
+ -out $NAME.csr -outform PEM -subj "$SUBJECT" \
-passout stdin << EOF
$PASSPHRASE
EOF
- chmod 400 private/$FQI.key
+ chmod 400 private/$NAME.key
SIGN_IT=true
else
- echo openssl req -newkey rsa:2048 -sha256 -keyout $FQI.key -out $FQI.csr -outform PEM -subj '"'$SUBJECT'"'
- echo chmod 400 $FQI.key
+ echo openssl req -newkey rsa:2048 -sha256 -keyout $NAME.key -out $NAME.csr -outform PEM -subj '"'$SUBJECT'"'
+ echo chmod 400 $NAME.key
echo "# All done, print result"
- echo openssl req -verify -text -noout -in $FQI.csr
+ echo openssl req -verify -text -noout -in $NAME.csr
fi
fi
if [ "$SIGN_IT" = "true" ]; then
# Sign it
- openssl ca -config ../openssl.conf -extensions server_cert -out $FQI.crt \
+ openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \
-cert certs/ca.crt -keyfile private/ca.key \
-policy policy_loose \
-days 360 \
- -infiles $FQI.csr
+ -infiles $NAME.csr
fi