diff options
Diffstat (limited to 'conf/CA/manual.sh')
| -rw-r--r-- | conf/CA/manual.sh | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/conf/CA/manual.sh b/conf/CA/manual.sh new file mode 100644 index 00000000..bb891759 --- /dev/null +++ b/conf/CA/manual.sh @@ -0,0 +1,55 @@ +# +# Initialize a manual Cert. This is NOT entered in Certman Records +# +echo "FQI (Fully Qualified Identity): " +read FQI +if [ "$1" = "" -o "$1" = "-local" ]; then + echo "Personal Certificate" + SUBJECT="/CN=$FQI/OU=V1`cat subject.aaf`" +else + echo "Application Certificate" + SUBJECT="/CN=$1/OU=$FQI`cat subject.aaf`" + FQI=$1 + shift +fi +echo $SUBJECT + +if [ -e $FQI.csr ]; then + SIGN_IT=true +else + if [ "$1" = "-local" ]; then + echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'" + echo "Enter the PassPhrase for the Key for $FQI: " + `stty -echo` + read PASSPHRASE + `stty echo` + + # remove any previous Private key + rm private/$FQI.key + # Create j regaular rsa encrypted key + openssl req -new -newkey rsa:2048 -sha256 -keyout private/$FQI.key \ + -out $FQI.csr -outform PEM -subj "$SUBJECT" \ + -passout stdin << EOF +$PASSPHRASE +EOF + chmod 400 private/$FQI.key + SIGN_IT=true + else + echo openssl req -newkey rsa:4096 -sha256 -keyout $FQI.key -out $FQI.csr -outform PEM -subj '"'$SUBJECT'"' + echo chmod 400 $FQI.key + echo "# All done, print result" + echo openssl req -verify -text -noout -in $FQI.csr + fi +fi + +if [ "$SIGN_IT" = "true" ]; then + # Sign it + openssl ca -config ../openssl.conf -extensions server_cert -out $FQI.crt \ + -cert certs/ca.crt -keyfile private/ca.key \ + -policy policy_loose \ + -infiles $FQI.csr +fi + + + + |