summaryrefslogtreecommitdiffstats
path: root/conf/CA/newCA.sh
diff options
context:
space:
mode:
authorInstrumental <jonathan.gathman@att.com>2018-07-13 15:49:26 -0500
committerInstrumental <jonathan.gathman@att.com>2018-07-13 15:59:11 -0500
commit4ad4763d8c9191998cc671a884d1af5da6ba8bb9 (patch)
tree124d864d0c3e1e03015ecb70a960e434775a59ef /conf/CA/newCA.sh
parent9af4623faed6fd0bda1567cbf28899b5b5363be0 (diff)
Make Container Config Strategy
Issue-ID: AAF-378 Change-Id: I57186f66b9713262643e0f440f5b9eb78154c155 Signed-off-by: Instrumental <jonathan.gathman@att.com>
Diffstat (limited to 'conf/CA/newCA.sh')
-rw-r--r--conf/CA/newCA.sh59
1 files changed, 59 insertions, 0 deletions
diff --git a/conf/CA/newCA.sh b/conf/CA/newCA.sh
new file mode 100644
index 00000000..49b12c3f
--- /dev/null
+++ b/conf/CA/newCA.sh
@@ -0,0 +1,59 @@
+#
+# NOTE: This README is "bash" capable. bash README.txt
+#
+# create simple but reasonable directory structure
+mkdir -p private certs newcerts
+chmod 700 private
+chmod 755 certs newcerts
+touch index.txt
+echo "unique_subject = no" > index.txt.attr
+
+if [ ! -e serial ]; then
+ echo '01' > serial
+fi
+
+if [ "$1" == "" ]; then
+ CN=$1
+else
+ CN=RootCA
+fi
+
+echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
+echo "Enter the PassPhrase for your Key: "
+`stty -echo`
+read PASSPHRASE
+`stty echo`
+
+if [ ! -e /private/ca.ekey ]; then
+ # Create a regaular rsa encrypted key
+ openssl genrsa -aes256 -out private/ca.ekey -passout stdin 4096 << EOF
+$PASSPHRASE
+EOF
+fi
+
+if [ ! -e /private/ca.key ]; then
+ # Move to a Java/Filesystem readable key. Note that this one is NOT Encrypted.
+ openssl pkcs8 -in private/ca.ekey -topk8 -nocrypt -out private/ca.key -passin stdin << EOF
+$PASSPHRASE
+EOF
+fi
+chmod 400 private/ca.key private/ca.ekey
+
+
+if [ -e subject.aaf ]; then
+ SUBJECT="-subj /CN=$CN`cat subject.aaf`"
+else
+ SUBJECT=""
+fi
+
+# Generate a CA Certificate
+openssl req -config openssl.conf \
+ -key private/ca.key \
+ -new -x509 -days 7300 -sha256 -extensions v3_ca \
+ $SUBJECT \
+ -out certs/ca.crt
+
+if [ -e certs/ca.crt ]; then
+ # All done, print result
+ openssl x509 -text -noout -in certs/ca.crt
+fi