From 31d847ed8562bc6169fd8c33af93302d67ab074e Mon Sep 17 00:00:00 2001 From: Instrumental Date: Mon, 26 Mar 2018 14:17:19 -0700 Subject: AT&T 2.0.19 Code drop, stage 6 Issue-ID: AAF-197 Change-Id: I77f26db1f34bea217888faaa28d4dc79f6edb804 Signed-off-by: Instrumental --- conf/CA/newca.sh | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 conf/CA/newca.sh (limited to 'conf/CA/newca.sh') diff --git a/conf/CA/newca.sh b/conf/CA/newca.sh new file mode 100644 index 00000000..5f49f38a --- /dev/null +++ b/conf/CA/newca.sh @@ -0,0 +1,57 @@ +# +# NOTE: This README is "bash" capable. bash README.txt +# +# create simple but reasonable directory structure +mkdir -p private certs newcerts +chmod 700 private +chmod 755 certs newcerts +touch index.txt +if [ ! -e serial ]; then + echo '01' > serial +fi + +if [ "$1" == "" ]; then + CN=$1 +else + CN=RootCA +fi + +echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'" +echo "Enter the PassPhrase for your Key: " +`stty -echo` +read PASSPHRASE +`stty echo` + +if [ ! -e /private/ca.ekey ]; then + # Create a regaular rsa encrypted key + openssl genrsa -aes256 -out private/ca.ekey -passout stdin 4096 << EOF +$PASSPHRASE +EOF +fi + +if [ ! -e /private/ca.key ]; then + # Move to a Java/Filesystem readable key. Note that this one is NOT Encrypted. + openssl pkcs8 -in private/ca.ekey -topk8 -nocrypt -out private/ca.key -passin stdin << EOF +$PASSPHRASE +EOF +fi +chmod 400 private/ca.key private/ca.ekey + + +if [ -e subject.aaf ]; then + SUBJECT="-subj /CN=$CN`cat subject.aaf`" +else + SUBJECT="" +fi + +# Generate a CA Certificate +openssl req -config openssl.conf \ + -key private/ca.key \ + -new -x509 -days 7300 -sha256 -extensions v3_ca \ + $SUBJECT \ + -out certs/ca.crt + +if [ -e certs/ca.crt ]; then + # All done, print result + openssl x509 -text -noout -in certs/ca.crt +fi -- cgit 1.2.3-korg