diff options
Diffstat (limited to 'conf/CA/manual.sh')
-rw-r--r-- | conf/CA/manual.sh | 56 |
1 files changed, 42 insertions, 14 deletions
diff --git a/conf/CA/manual.sh b/conf/CA/manual.sh index eb391591..00a23ec8 100644 --- a/conf/CA/manual.sh +++ b/conf/CA/manual.sh @@ -6,15 +6,37 @@ read FQI if [ "$1" = "" -o "$1" = "-local" ]; then echo "Personal Certificate" SUBJECT="/CN=$FQI/OU=V1`cat subject.aaf`" + NAME=$FQI else echo "Application Certificate" SUBJECT="/CN=$1/OU=$FQI`cat subject.aaf`" - FQI=$1 + FQDN=$1 + NAME=$FQDN shift + + echo "Enter any SANS, delimited by spaces: " + read SANS +fi + +# Do SANs +if [ "$SANS" = "" ]; then + echo no SANS + if [ -e $NAME.san ]; then + rm $NAME.san + fi + else + echo some SANS + cp ../san.conf $NAME.san + NUM=1 + for D in $SANS; do + echo "DNS.$NUM = $D" >> $NAME.san + NUM=$((NUM+1)) + done fi + echo $SUBJECT -if [ -e $FQI.csr ]; then +if [ -e $NAME.csr ]; then SIGN_IT=true else if [ "$1" = "-local" ]; then @@ -25,32 +47,38 @@ else `stty echo` # remove any previous Private key - rm private/$FQI.key + rm private/$NAME.key # Create j regaular rsa encrypted key - openssl req -new -newkey rsa:2048 -sha256 -keyout private/$FQI.key \ - -out $FQI.csr -outform PEM -subj "$SUBJECT" \ + openssl req -new -newkey rsa:2048 -sha256 -keyout private/$NAME.key \ + -out $NAME.csr -outform PEM -subj "$SUBJECT" \ -passout stdin << EOF $PASSPHRASE EOF - chmod 400 private/$FQI.key + chmod 400 private/$NAME.key SIGN_IT=true else - echo openssl req -newkey rsa:2048 -sha256 -keyout $FQI.key -out $FQI.csr -outform PEM -subj '"'$SUBJECT'"' - echo chmod 400 $FQI.key + echo openssl req -newkey rsa:2048 -sha256 -keyout $NAME.key -out $NAME.csr -outform PEM -subj '"'$SUBJECT'"' + echo chmod 400 $NAME.key echo "# All done, print result" - echo openssl req -verify -text -noout -in $FQI.csr + echo openssl req -verify -text -noout -in $NAME.csr fi fi if [ "$SIGN_IT" = "true" ]; then # Sign it - openssl ca -config ../openssl.conf -extensions server_cert -out $FQI.crt \ + if [ -e $NAME.san ]; then + openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \ + -cert certs/ca.crt -keyfile private/ca.key \ + -policy policy_loose \ + -days 360 \ + -extfile $NAME.san \ + -infiles $NAME.csr + else + openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \ -cert certs/ca.crt -keyfile private/ca.key \ -policy policy_loose \ -days 360 \ - -infiles $FQI.csr + -infiles $NAME.csr + fi fi - - - |