From 4ad4763d8c9191998cc671a884d1af5da6ba8bb9 Mon Sep 17 00:00:00 2001 From: Instrumental Date: Fri, 13 Jul 2018 15:49:26 -0500 Subject: Make Container Config Strategy Issue-ID: AAF-378 Change-Id: I57186f66b9713262643e0f440f5b9eb78154c155 Signed-off-by: Instrumental --- conf/CA/newCA.sh | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 conf/CA/newCA.sh (limited to 'conf/CA/newCA.sh') diff --git a/conf/CA/newCA.sh b/conf/CA/newCA.sh new file mode 100644 index 00000000..49b12c3f --- /dev/null +++ b/conf/CA/newCA.sh @@ -0,0 +1,59 @@ +# +# NOTE: This README is "bash" capable. bash README.txt +# +# create simple but reasonable directory structure +mkdir -p private certs newcerts +chmod 700 private +chmod 755 certs newcerts +touch index.txt +echo "unique_subject = no" > index.txt.attr + +if [ ! -e serial ]; then + echo '01' > serial +fi + +if [ "$1" == "" ]; then + CN=$1 +else + CN=RootCA +fi + +echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'" +echo "Enter the PassPhrase for your Key: " +`stty -echo` +read PASSPHRASE +`stty echo` + +if [ ! -e /private/ca.ekey ]; then + # Create a regaular rsa encrypted key + openssl genrsa -aes256 -out private/ca.ekey -passout stdin 4096 << EOF +$PASSPHRASE +EOF +fi + +if [ ! -e /private/ca.key ]; then + # Move to a Java/Filesystem readable key. Note that this one is NOT Encrypted. + openssl pkcs8 -in private/ca.ekey -topk8 -nocrypt -out private/ca.key -passin stdin << EOF +$PASSPHRASE +EOF +fi +chmod 400 private/ca.key private/ca.ekey + + +if [ -e subject.aaf ]; then + SUBJECT="-subj /CN=$CN`cat subject.aaf`" +else + SUBJECT="" +fi + +# Generate a CA Certificate +openssl req -config openssl.conf \ + -key private/ca.key \ + -new -x509 -days 7300 -sha256 -extensions v3_ca \ + $SUBJECT \ + -out certs/ca.crt + +if [ -e certs/ca.crt ]; then + # All done, print result + openssl x509 -text -noout -in certs/ca.crt +fi -- cgit 1.2.3-korg