From 924b18d7469204ceaae60d7345712ea09f75a674 Mon Sep 17 00:00:00 2001
From: Instrumental
Date: Thu, 5 Apr 2018 20:17:18 -0500
Subject: Add Certs, Docker Build
Issue-ID: AAF-211
Change-Id: Idc7630578155586a6e53d7af80dd16e4e0ac41ca
Signed-off-by: Instrumental
---
 conf/CA/clean.sh | 2 +-
 conf/CA/manual.sh | 5 +++--
 conf/CA/p12.sh | 5 ++---
 3 files changed, 6 insertions(+), 6 deletions(-)
(limited to 'conf/CA')
diff --git a/conf/CA/clean.sh b/conf/CA/clean.sh
index 3df61082..593a0a6c 100644
--- a/conf/CA/clean.sh
+++ b/conf/CA/clean.sh
@@ -1 +1 @@
-rm -Rf private certs newcerts index* serial* intermediateCAs
+rm -Rf private certs newcerts index* serial* intermediate.serial intermediate_*
diff --git a/conf/CA/manual.sh b/conf/CA/manual.sh
index bb891759..eb391591 100644
--- a/conf/CA/manual.sh
+++ b/conf/CA/manual.sh
@@ -35,7 +35,7 @@ EOF
 chmod 400 private/$FQI.key
 SIGN_IT=true
 else
- echo openssl req -newkey rsa:4096 -sha256 -keyout $FQI.key -out $FQI.csr -outform PEM -subj '"'$SUBJECT'"'
+ echo openssl req -newkey rsa:2048 -sha256 -keyout $FQI.key -out $FQI.csr -outform PEM -subj '"'$SUBJECT'"'
 echo chmod 400 $FQI.key
 echo "# All done, print result"
 echo openssl req -verify -text -noout -in $FQI.csr
@@ -46,7 +46,8 @@ if [ "$SIGN_IT" = "true" ]; then
 # Sign it
 openssl ca -config ../openssl.conf -extensions server_cert -out $FQI.crt \
 -cert certs/ca.crt -keyfile private/ca.key \
- -policy policy_loose \
+ -policy policy_loose \
+ -days 360 \
 -infiles $FQI.csr
 fi
diff --git a/conf/CA/p12.sh b/conf/CA/p12.sh
index f490b187..53184e2f 100644
--- a/conf/CA/p12.sh
+++ b/conf/CA/p12.sh
@@ -12,9 +12,8 @@ fi
 # Add Cert AND Intermediate CAs (Clients will have Root CAs (or not))
 cat $MACH.crt > $MACH.chain
- for CA in `ls intermediateCAs`; do
- cat "intermediateCAs/$CA" >> $MACH.chain
- done
+ # Add THIS Intermediate CA into chain
+ cat "certs/ca.crt" >> $MACH.chain
 # Make a pkcs12 keystore, a jks keystore and a pem keystore
 rm -f $MACH.p12
--
cgit 1.2.3-korg
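Review bot: In conf/CA/clean.sh the widened `rm -Rf` list still runs against whatever directory the caller happens to be in, and the new `intermediate_*` glob now sweeps up every entry with that prefix, presumably including each intermediate CA's private keys. The script is this single line, so nothing pins it to conf/CA first; I would put `cd "$(dirname "$0")" || exit 1` ahead of the `rm` so the globs can only match inside the CA directory. A one-line header comment saying that this destroys the CA key in `private/` and all issued certificates would also help whoever runs it next.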
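Review bot: The printed `openssl req` command in the `else` branch of conf/CA/manual.sh drops the key size from `rsa:4096` to `rsa:2048`, and neither the commit message nor the script says why. 2048-bit RSA is still an accepted minimum, but it is a reduction in strength, so it deserves a comment such as `# RSA key size: 2048 is the floor, raise it for long-lived keys`, or a variable like `-newkey rsa:${KEY_BITS:-2048}` so operators can choose. The branch above `else`, which generates the key locally, starts outside this hunk; check that it uses the same size so the two paths do not diverge.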
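Review bot: The added `-days 360` on the `openssl ca` call in conf/CA/manual.sh hard-codes the validity period on the command line, where it takes precedence over any `default_days` set in `../openssl.conf`, so the two can disagree without anyone noticing. I would make it `-days "${CERT_DAYS:-360}" \` with a comment stating the intended lifetime and that it overrides the config file. On the same command `$FQI.crt` and `$FQI.csr` are unquoted, so a name containing whitespace or glob characters changes the arguments handed to a command that signs with the CA key; quote them as `"$FQI.crt"` and `"$FQI.csr"` (the same applies to `$FQI` in the first hunk and `$MACH` in p12.sh).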
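Review bot: After this change in conf/CA/p12.sh the chain file is built from the leaf plus exactly one CA certificate, and nothing in the hunk checks that `certs/ca.crt` exists or that either `cat` succeeded before the keystores are made from `$MACH.chain`. If the rest of the script has no `set -e` (not visible here), a missing file would leave a chain holding only the leaf, which clients then fail to validate; `cat -- "$MACH.crt" certs/ca.crt > "$MACH.chain" || exit 1` builds it in one step and stops on error. The comment two lines up still says "Intermediate CAs" in the plural, and if this CA is itself issued by another intermediate, that parent is no longer included, so the comment should say which certificates the chain is expected to contain.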