summaryrefslogtreecommitdiffstats
path: root/conf/CA/manual.sh
diff options
context:
space:
mode:
authorInstrumental <jcgmisc@stl.gathman.org>2018-03-26 14:17:19 -0700
committerInstrumental <jcgmisc@stl.gathman.org>2018-03-26 14:17:24 -0700
commit31d847ed8562bc6169fd8c33af93302d67ab074e (patch)
tree9ba9d7d690134c5497bee82179f22cb93a54fc05 /conf/CA/manual.sh
parent0ed473b17619d749bbdf56ad17199e71fb04c2be (diff)
AT&T 2.0.19 Code drop, stage 6
Issue-ID: AAF-197 Change-Id: I77f26db1f34bea217888faaa28d4dc79f6edb804 Signed-off-by: Instrumental <jcgmisc@stl.gathman.org>
Diffstat (limited to 'conf/CA/manual.sh')
-rw-r--r--conf/CA/manual.sh55
1 files changed, 55 insertions, 0 deletions
diff --git a/conf/CA/manual.sh b/conf/CA/manual.sh
new file mode 100644
index 00000000..bb891759
--- /dev/null
+++ b/conf/CA/manual.sh
@@ -0,0 +1,55 @@
+#
+# Initialize a manual Cert. This is NOT entered in Certman Records
+#
+echo "FQI (Fully Qualified Identity): "
+read FQI
+if [ "$1" = "" -o "$1" = "-local" ]; then
+ echo "Personal Certificate"
+ SUBJECT="/CN=$FQI/OU=V1`cat subject.aaf`"
+else
+ echo "Application Certificate"
+ SUBJECT="/CN=$1/OU=$FQI`cat subject.aaf`"
+ FQI=$1
+ shift
+fi
+echo $SUBJECT
+
+if [ -e $FQI.csr ]; then
+ SIGN_IT=true
+else
+ if [ "$1" = "-local" ]; then
+ echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
+ echo "Enter the PassPhrase for the Key for $FQI: "
+ `stty -echo`
+ read PASSPHRASE
+ `stty echo`
+
+ # remove any previous Private key
+ rm private/$FQI.key
+ # Create j regaular rsa encrypted key
+ openssl req -new -newkey rsa:2048 -sha256 -keyout private/$FQI.key \
+ -out $FQI.csr -outform PEM -subj "$SUBJECT" \
+ -passout stdin << EOF
+$PASSPHRASE
+EOF
+ chmod 400 private/$FQI.key
+ SIGN_IT=true
+ else
+ echo openssl req -newkey rsa:4096 -sha256 -keyout $FQI.key -out $FQI.csr -outform PEM -subj '"'$SUBJECT'"'
+ echo chmod 400 $FQI.key
+ echo "# All done, print result"
+ echo openssl req -verify -text -noout -in $FQI.csr
+ fi
+fi
+
+if [ "$SIGN_IT" = "true" ]; then
+ # Sign it
+ openssl ca -config ../openssl.conf -extensions server_cert -out $FQI.crt \
+ -cert certs/ca.crt -keyfile private/ca.key \
+ -policy policy_loose \
+ -infiles $FQI.csr
+fi
+
+
+
+