diff options
author | Instrumental <jcgmisc@stl.gathman.org> | 2018-03-26 14:17:19 -0700 |
---|---|---|
committer | Instrumental <jcgmisc@stl.gathman.org> | 2018-03-26 14:17:24 -0700 |
commit | 31d847ed8562bc6169fd8c33af93302d67ab074e (patch) | |
tree | 9ba9d7d690134c5497bee82179f22cb93a54fc05 /conf/CA/newca.sh | |
parent | 0ed473b17619d749bbdf56ad17199e71fb04c2be (diff) |
AT&T 2.0.19 Code drop, stage 6
Issue-ID: AAF-197
Change-Id: I77f26db1f34bea217888faaa28d4dc79f6edb804
Signed-off-by: Instrumental <jcgmisc@stl.gathman.org>
Diffstat (limited to 'conf/CA/newca.sh')
-rw-r--r-- | conf/CA/newca.sh | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/conf/CA/newca.sh b/conf/CA/newca.sh new file mode 100644 index 00000000..5f49f38a --- /dev/null +++ b/conf/CA/newca.sh @@ -0,0 +1,57 @@ +# +# NOTE: This README is "bash" capable. bash README.txt +# +# create simple but reasonable directory structure +mkdir -p private certs newcerts +chmod 700 private +chmod 755 certs newcerts +touch index.txt +if [ ! -e serial ]; then + echo '01' > serial +fi + +if [ "$1" == "" ]; then + CN=$1 +else + CN=RootCA +fi + +echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'" +echo "Enter the PassPhrase for your Key: " +`stty -echo` +read PASSPHRASE +`stty echo` + +if [ ! -e /private/ca.ekey ]; then + # Create a regaular rsa encrypted key + openssl genrsa -aes256 -out private/ca.ekey -passout stdin 4096 << EOF +$PASSPHRASE +EOF +fi + +if [ ! -e /private/ca.key ]; then + # Move to a Java/Filesystem readable key. Note that this one is NOT Encrypted. + openssl pkcs8 -in private/ca.ekey -topk8 -nocrypt -out private/ca.key -passin stdin << EOF +$PASSPHRASE +EOF +fi +chmod 400 private/ca.key private/ca.ekey + + +if [ -e subject.aaf ]; then + SUBJECT="-subj /CN=$CN`cat subject.aaf`" +else + SUBJECT="" +fi + +# Generate a CA Certificate +openssl req -config openssl.conf \ + -key private/ca.key \ + -new -x509 -days 7300 -sha256 -extensions v3_ca \ + $SUBJECT \ + -out certs/ca.crt + +if [ -e certs/ca.crt ]; then + # All done, print result + openssl x509 -text -noout -in certs/ca.crt +fi |