From 31d847ed8562bc6169fd8c33af93302d67ab074e Mon Sep 17 00:00:00 2001
From: Instrumental
Date: Mon, 26 Mar 2018 14:17:19 -0700
Subject: AT&T 2.0.19 Code drop, stage 6
Issue-ID: AAF-197
Change-Id: I77f26db1f34bea217888faaa28d4dc79f6edb804
Signed-off-by: Instrumental
---
 conf/CA/manual.sh | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 conf/CA/manual.sh
(limited to 'conf/CA/manual.sh')
diff --git a/conf/CA/manual.sh b/conf/CA/manual.sh
new file mode 100644
index 00000000..bb891759
--- /dev/null
+++ b/conf/CA/manual.sh
@@ -0,0 +1,55 @@
+#
+# Initialize a manual Cert. This is NOT entered in Certman Records
+#
+echo "FQI (Fully Qualified Identity): "
+read FQI
+if [ "$1" = "" -o "$1" = "-local" ]; then
+ echo "Personal Certificate"
+ SUBJECT="/CN=$FQI/OU=V1`cat subject.aaf`"
+else
+ echo "Application Certificate"
+ SUBJECT="/CN=$1/OU=$FQI`cat subject.aaf`"
+ FQI=$1
+ shift
+fi
+echo $SUBJECT
+
+if [ -e $FQI.csr ]; then
+ SIGN_IT=true
+else
+ if [ "$1" = "-local" ]; then
+ echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
+ echo "Enter the PassPhrase for the Key for $FQI: "
+ `stty -echo`
+ read PASSPHRASE
+ `stty echo`
+
+ # remove any previous Private key
+ rm private/$FQI.key
+ # Create j regaular rsa encrypted key
+ openssl req -new -newkey rsa:2048 -sha256 -keyout private/$FQI.key \
+ -out $FQI.csr -outform PEM -subj "$SUBJECT" \
+ -passout stdin << EOF
+$PASSPHRASE
+EOF
+ chmod 400 private/$FQI.key
+ SIGN_IT=true
+ else
+ echo openssl req -newkey rsa:4096 -sha256 -keyout $FQI.key -out $FQI.csr -outform PEM -subj '"'$SUBJECT'"'
+ echo chmod 400 $FQI.key
+ echo "# All done, print result"
+ echo openssl req -verify -text -noout -in $FQI.csr
+ fi
+fi
+
+if [ "$SIGN_IT" = "true" ]; then
+ # Sign it
+ openssl ca -config ../openssl.conf -extensions server_cert -out $FQI.crt \
+ -cert certs/ca.crt -keyfile private/ca.key \
+ -policy policy_loose \
+ -infiles $FQI.csr
+fi
+
+
+
+
-- cgit 1.2.3-korg
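Review bot: `FQI` is taken from `read FQI` (or `$1`) and used unquoted and unvalidated in `[ -e $FQI.csr ]`, `rm private/$FQI.key`, `-keyout private/$FQI.key` and `-out $FQI.crt`. A value containing `/`, whitespace or glob characters, or one that collides with the `ca` in the `private/ca.key` the signing step reads, makes the script delete or overwrite a file it should never touch. Validate it right after the first `fi`, for example `case "$FQI" in ""|ca|*[!A-Za-z0-9@._-]*) echo "invalid FQI" >&2; exit 1;; esac` (adjust the allow-list to the real identity format), switch to `read -r`, and quote every expansion such as `"private/$FQI.key"` and `"$FQI.csr"`. Separately, `SIGN_IT=true` is set even when `openssl req` fails, and when `$FQI.csr` already exists the computed `SUBJECT` is never compared with the subject inside the request that `openssl ca ... -policy policy_loose` signs; gate signing on the exit status of `openssl req` and show the CSR subject for confirmation first. Depending on the shell version, the `<< EOF` here-document carrying `$PASSPHRASE` may be staged in a temporary file, so feeding `-passout` from a pipe or file descriptor is the safer design.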