blob: b2a5db97663b3ab72ea878eb31d87c4455314416 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
#!/bin/bash
#########
# ============LICENSE_START====================================================
# org.onap.aaf
# ===========================================================================
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
# ===========================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END====================================================
#
#
# Initialize a manual Cert. This is NOT entered in Certman Records
# $1 - CN (Common Name)
# $2 - FQI (Fully Qualified Identity)
# $3-$n - SANs (Service Alias Names)
#
if [ "$2" = "" ]; then
echo "FQI (Fully Qualified Identity): "
read FQI
fi
if [ "$1" = "" -o "$1" = "-local" ]; then
echo "Personal Certificate"
SUBJECT="/CN=$FQI/OU=V1`cat subject.aaf`"
NAME=$FQI
else
echo "Application Certificate"
SUBJECT="/CN=$1/OU=$FQI`cat subject.aaf`"
NAME=$1
if [ "$3" = "" ]; then
echo "Enter any SANS, delimited by spaces: "
read SANS
else
SANS=""
while [ ! "$3" = "" ]; do
SANS=${SANS}" "$3
shift
done
fi
fi
# Do SANs
if [ "$SANS" = "" ]; then
echo no SANS
if [ -e $NAME.san ]; then
rm $NAME.san
fi
else
echo some SANS: $SANS
cp ../san.conf $NAME.san
NUM=1
for D in $SANS; do
echo "DNS.$NUM = $D" >> $NAME.san
NUM=$((NUM+1))
done
fi
echo $SUBJECT
if [ ! -e $NAME.csr ]; then
if [ "$1" = "-local" ]; then
echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
echo "Enter the PassPhrase for the Key for $FQI: "
`stty -echo`
read PASSPHRASE
`stty echo`
# remove any previous Private key
rm private/$NAME.key
# Create regular rsa encrypted key
openssl req -new -newkey rsa:2048 -sha256 -keyout private/$NAME.key \
-out $NAME.csr -outform PEM -subj "$SUBJECT" \
-passout stdin << EOF
$PASSPHRASE
EOF
chmod 400 private/$NAME.key
else
openssl req -newkey rsa:2048 -sha256 -keyout private/$NAME.key -out $NAME.csr -outform PEM -subj "$SUBJECT"
chmod 400 $NAME.key
echo "# All done, print result"
openssl req -verify -text -noout -in $NAME.csr
fi
fi
# Sign it
if [ -e $NAME.san ]; then
openssl ca -config ../openssl.conf -extensions server_cert -out certs/$NAME.crt \
-cert certs/ca.crt -keyfile private/ca.key \
-policy policy_loose \
-days 360 \
-extfile $NAME.san \
-infiles $NAME.csr
else
openssl ca -config ../openssl.conf -extensions server_cert -out certs/$NAME.crt \
-cert certs/ca.crt -keyfile private/ca.key \
-policy policy_loose \
-days 360 \
-infiles $NAME.csr
fi
|
