authorInstrumental <jcgmisc@stl.gathman.org>2018-04-05 20:17:18 -0500
committerInstrumental <jcgmisc@stl.gathman.org>2018-04-05 20:17:25 -0500
commit924b18d7469204ceaae60d7345712ea09f75a674 (patch)
treeb4584c2731c82f484a31feadcb71d75c3613af43 /conf/CA
parent33e7b1a9fa15b0b699d16e359b406195b7fe87be (diff)
Add Certs, Docker Build
Issue-ID: AAF-211 Change-Id: Idc7630578155586a6e53d7af80dd16e4e0ac41ca Signed-off-by: Instrumental <jcgmisc@stl.gathman.org>
Diffstat (limited to 'conf/CA')
-rw-r--r--conf/CA/clean.sh2
-rw-r--r--conf/CA/manual.sh5
-rw-r--r--conf/CA/p12.sh5
3 files changed, 6 insertions, 6 deletions
diff --git a/conf/CA/clean.sh b/conf/CA/clean.sh
index 3df61082..593a0a6c 100644
--- a/conf/CA/clean.sh
+++ b/conf/CA/clean.sh
@@ -1 +1 @@
-rm -Rf private certs newcerts index* serial* intermediateCAs
+rm -Rf private certs newcerts index* serial* intermediate.serial intermediate_*
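Review bot: The `rm -Rf` on the new line resolves `private`, `certs` and the `intermediate_*` glob against whatever the current directory happens to be, and this one-line script has no guard that it is running inside conf/CA. Because the targets include the CA's private key directory and issued certificates, I would pin the directory first with `cd -- "$(dirname -- "$0")" || exit 1`. Adding `--` after `-Rf` also keeps a file name that starts with a dash from being read as an option.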
diff --git a/conf/CA/manual.sh b/conf/CA/manual.sh
index bb891759..eb391591 100644
--- a/conf/CA/manual.sh
+++ b/conf/CA/manual.sh
@@ -35,7 +35,7 @@ EOF
chmod 400 private/$FQI.key
SIGN_IT=true
else
- echo openssl req -newkey rsa:4096 -sha256 -keyout $FQI.key -out $FQI.csr -outform PEM -subj '"'$SUBJECT'"'
+ echo openssl req -newkey rsa:2048 -sha256 -keyout $FQI.key -out $FQI.csr -outform PEM -subj '"'$SUBJECT'"'
echo chmod 400 $FQI.key
echo "# All done, print result"
echo openssl req -verify -text -noout -in $FQI.csr
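Review bot: The printed `openssl req` command now asks for a 2048-bit RSA key instead of 4096, and neither the commit message nor the script records why the size was lowered. 2048 bits is generally treated as the floor for RSA, so if the reduction is deliberate it deserves a comment such as `# 2048-bit RSA: minimum accepted size, chosen for <reason>`, or a single `KEY_BITS` variable used everywhere. The branch above this `else` lies outside the hunk; it is worth checking that the key it generates uses the same size. Separately, `$SUBJECT` sits outside the quotes in `'"'$SUBJECT'"'`, so the shell word-splits and globs it before `echo` prints it; `"\"$SUBJECT\""` keeps it intact.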
@@ -46,7 +46,8 @@ if [ "$SIGN_IT" = "true" ]; then
# Sign it
openssl ca -config ../openssl.conf -extensions server_cert -out $FQI.crt \
-cert certs/ca.crt -keyfile private/ca.key \
- -policy policy_loose \
+ -policy policy_loose \
+ -days 360 \
-infiles $FQI.csr
fi
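Review bot: `-days 360` hard-codes the certificate lifetime on the command line, where it takes precedence over `default_days` in ../openssl.conf, and nothing says why 360 was chosen or that every certificate signed here must be reissued within that window. I would add a comment above the call, `# -days overrides default_days in ../openssl.conf; certs signed here expire after 360 days`, or make it adjustable with `-days "${CERT_DAYS:-360}" \`. `$FQI` is also unquoted in `-out $FQI.crt` and `-infiles $FQI.csr`, so an identity containing whitespace or glob characters would change the arguments passed to `openssl ca`. The `if` block starts outside the hunk.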
diff --git a/conf/CA/p12.sh b/conf/CA/p12.sh
index f490b187..53184e2f 100644
--- a/conf/CA/p12.sh
+++ b/conf/CA/p12.sh
@@ -12,9 +12,8 @@ fi
# Add Cert AND Intermediate CAs (Clients will have Root CAs (or not))
cat $MACH.crt > $MACH.chain
- for CA in `ls intermediateCAs`; do
- cat "intermediateCAs/$CA" >> $MACH.chain
- done
+ # Add THIS Intermediate CA into chain
+ cat "certs/ca.crt" >> $MACH.chain
# Make a pkcs12 keystore, a jks keystore and a pem keystore
rm -f $MACH.p12
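Review bot: If `certs/ca.crt` is missing or unreadable, the new `cat "certs/ca.crt" >> $MACH.chain` fails, but nothing visible in the hunk stops the script, so the keystores built below would carry a chain without the issuing CA. A guard before it, `[ -r certs/ca.crt ] || { echo "certs/ca.crt not readable" >&2; exit 1; }`, makes that failure explicit. The chain now holds only this one CA certificate; if this CA can itself be issued by another intermediate (the `intermediate_*` names in clean.sh hint at that, though it is not shown here), clients that hold only the root could not build the path. `$MACH` is unquoted in the redirections on both `cat` lines. The script continues outside the hunk.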