authorInstrumental <jcgmisc@stl.gathman.org>2018-04-05 20:52:32 -0500
committerInstrumental <jcgmisc@stl.gathman.org>2018-04-05 20:52:41 -0500
commitdf9e827fa3ec1c7e32b5f5eb7a63a4c11f9da4a7 (patch)
treecdd1bcb33e7c3f0d24b582d895531af31280e8a6 /conf/CA/newIntermediate.sh
parent6cd833478d794245708ccd448a6835a0d6d3b7ce (diff)
rm CADI Cass
Issue-ID: AAF-212 Change-Id: I72b1a5ff68ae0f9527b3d82c9a84a0660fe380ae Signed-off-by: Instrumental <jcgmisc@stl.gathman.org>
Diffstat (limited to 'conf/CA/newIntermediate.sh')
-rw-r--r--conf/CA/newIntermediate.sh60
1 files changed, 60 insertions, 0 deletions
diff --git a/conf/CA/newIntermediate.sh b/conf/CA/newIntermediate.sh
new file mode 100644
index 00000000..88b524b9
--- /dev/null
+++ b/conf/CA/newIntermediate.sh
@@ -0,0 +1,60 @@
+#
+# Initialize an Intermediate CA Cert.
+#
+ if [ -e intermediate.serial ]; then
+ ((SERIAL=`cat intermediate.serial` + 1))
+ else
+ SERIAL=1
+ fi
+ echo $SERIAL > intermediate.serial
+DIR=intermediate_$SERIAL
+
+mkdir -p $DIR/private $DIR/certs $DIR/newcerts
+chmod 700 $DIR/private
+chmod 755 $DIR/certs $DIR/newcerts
+touch $DIR/index.txt
+if [ ! -e $DIR/serial ]; then
+ echo '01' > $DIR/serial
+fi
+cp manual.sh p12.sh subject.aaf cfg.pkcs11 p11.sh $DIR
+
+if [ "$1" == "" ]; then
+ CN=intermediateCA_$SERIAL
+else
+ CN=$1
+fi
+
+SUBJECT="/CN=$CN`cat subject.aaf`"
+echo $SUBJECT
+ echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
+ echo "Enter the PassPhrase for the Key for $CN: "
+ `stty -echo`
+ read PASSPHRASE
+ `stty echo`
+
+ # Create a regaular rsa encrypted key
+ openssl req -new -newkey rsa:2048 -sha256 -keyout $DIR/private/ca.key \
+ -out $DIR/$CN.csr -outform PEM -subj "$SUBJECT" \
+ -passout stdin << EOF
+$PASSPHRASE
+EOF
+
+ chmod 400 $DIR/private/$CN.key
+ openssl req -verify -text -noout -in $DIR/$CN.csr
+
+ # Sign it
+ openssl ca -config openssl.conf -extensions v3_intermediate_ca \
+ -cert certs/ca.crt -keyfile private/ca.key -out $DIR/certs/ca.crt \
+ -infiles $DIR/$CN.csr
+
+ openssl x509 -text -noout -in $DIR/certs/ca.crt
+
+
+ openssl verify -CAfile certs/ca.crt $DIR/certs/ca.crt
+
+
+# Create a Signer p12 script
+echo openssl pkcs12 -export -name aaf_$DIR \
+ -in certs/ca.crt -inkey private/ca.key \
+ -out aaf_$DIR.p12 >> $DIR/signerP12.sh
+
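Review bot: The `chmod 400 $DIR/private/$CN.key` after key generation targets a file this script never creates, because `openssl req` writes the key to `$DIR/private/ca.key` via `-keyout`; the chmod fails and the intermediate CA key keeps whatever mode it was created with. The enclosing `private` directory is 700, which limits exposure, but the line should name the real file, `chmod 400 "$DIR/private/ca.key"`, and a `umask 077` before the `openssl req` call would keep the key's mode from depending on the caller's environment. Nothing in the script checks exit status (no `set -e`, no `|| exit`), so a failed chmod, key generation or wrong passphrase still falls through to `openssl ca` and `openssl verify`, and `intermediate.serial` is incremented before any step has succeeded. Separately, `read PASSPHRASE` without `-r` alters passphrases containing backslashes, and the backtick-wrapped `stty` calls have no trap to restore echo on interrupt; under bash, `read -r -s PASSPHRASE` would cover both.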