author | Instrumental <jonathan.gathman@att.com> | 2018-07-13 15:49:26 -0500 |
---|---|---|
committer | Instrumental <jonathan.gathman@att.com> | 2018-07-13 15:59:11 -0500 |
commit | 4ad4763d8c9191998cc671a884d1af5da6ba8bb9 (patch) | |
tree | 124d864d0c3e1e03015ecb70a960e434775a59ef /conf/CA/newCA.sh | |
parent | 9af4623faed6fd0bda1567cbf28899b5b5363be0 (diff) |
Make Container Config Strategy
Issue-ID: AAF-378
Change-Id: I57186f66b9713262643e0f440f5b9eb78154c155
Signed-off-by: Instrumental <jonathan.gathman@att.com>
Diffstat (limited to 'conf/CA/newCA.sh')
-rw-r--r-- | conf/CA/newCA.sh | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/conf/CA/newCA.sh b/conf/CA/newCA.sh
new file mode 100644
index 00000000..49b12c3f
--- /dev/null
+++ b/conf/CA/newCA.sh
@@ -0,0 +1,59 @@
+#
+# NOTE: This README is "bash" capable. bash README.txt
+#
+# create simple but reasonable directory structure
+mkdir -p private certs newcerts
+chmod 700 private
+chmod 755 certs newcerts
+touch index.txt
+echo "unique_subject = no" > index.txt.attr
+
+if [ ! -e serial ]; then
+ echo '01' > serial
+fi
+
+if [ "$1" == "" ]; then
+ CN=$1
+else
+ CN=RootCA
+fi
+
+echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
+echo "Enter the PassPhrase for your Key: "
+`stty -echo`
+read PASSPHRASE
+`stty echo`
+
+if [ ! -e /private/ca.ekey ]; then
+ # Create a regaular rsa encrypted key
+ openssl genrsa -aes256 -out private/ca.ekey -passout stdin 4096 << EOF
+$PASSPHRASE
+EOF
+fi
+
+if [ ! -e /private/ca.key ]; then
+ # Move to a Java/Filesystem readable key. Note that this one is NOT Encrypted.
+ openssl pkcs8 -in private/ca.ekey -topk8 -nocrypt -out private/ca.key -passin stdin << EOF
+$PASSPHRASE
+EOF
+fi
+chmod 400 private/ca.key private/ca.ekey
+
+
+if [ -e subject.aaf ]; then
+ SUBJECT="-subj /CN=$CN`cat subject.aaf`"
+else
+ SUBJECT=""
+fi
+
+# Generate a CA Certificate
+openssl req -config openssl.conf \
+ -key private/ca.key \
+ -new -x509 -days 7300 -sha256 -extensions v3_ca \
+ $SUBJECT \
+ -out certs/ca.crt
+
+if [ -e certs/ca.crt ]; then
+ # All done, print result
+ openssl x509 -text -noout -in certs/ca.crt
+fi |
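Review bot: The two key guards test the absolute paths `/private/ca.ekey` and `/private/ca.key` while openssl writes into the relative `private/` directory, so the guards never see an existing key and every re-run attempts to regenerate the CA key (as root the write succeeds despite the `chmod 400`), which would orphan every certificate issued under the old key; they should read `if [ ! -e private/ca.ekey ]; then` and `if [ ! -e private/ca.key ]; then`. The CN test is also inverted: `[ "$1" == "" ]` assigns the empty `$1`, and the else-branch discards a supplied name in favour of `RootCA`, so the condition should be `if [ -n "$1" ]; then`. Because `private/ca.key` is written with `-nocrypt`, a `umask 077` ahead of the openssl calls would avoid creating it with default permissions before the later `chmod 400`, and a `trap 'stty echo' EXIT` around the passphrase prompt would restore the terminal if the script is interrupted.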