blob: 34aa54af361e6b39072c314241549286b2964158 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
|
#!/bin/bash
#########
# ============LICENSE_START====================================================
# org.onap.aaf
# ===========================================================================
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
# ===========================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END====================================================
#
# NOTE: This README is "bash" capable. bash README.txt
#
# create simple but reasonable directory structure
mkdir -p private certs newcerts
chmod 700 private
chmod 755 certs newcerts
touch index.txt
echo "unique_subject = no" > index.txt.attr
if [ ! -e serial ]; then
echo $(date +%s) > serial
fi
if [ "$1" == "" ]; then
CN=$1
else
CN=RootCA
fi
echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
echo "Enter the PassPhrase for your Key: "
`stty -echo`
read PASSPHRASE
`stty echo`
if [ ! -e /private/ca.ekey ]; then
# Create a regaular rsa encrypted key
openssl genrsa -aes256 -out private/ca.ekey -passout stdin 4096 << EOF
$PASSPHRASE
EOF
fi
if [ ! -e /private/ca.key ]; then
# Move to a Java/Filesystem readable key. Note that this one is NOT Encrypted.
openssl pkcs8 -in private/ca.ekey -topk8 -nocrypt -out private/ca.key -passin stdin << EOF
$PASSPHRASE
EOF
fi
chmod 400 private/ca.key private/ca.ekey
if [ -e subject.aaf ]; then
SUBJECT="-subj /CN=$CN`cat subject.aaf`"
else
SUBJECT=""
fi
# Generate a CA Certificate
openssl req -config openssl.conf \
-key private/ca.key \
-new -x509 -days 7300 -sha256 -extensions v3_ca \
$SUBJECT \
-out certs/ca.crt
if [ -e certs/ca.crt ]; then
# All done, print result
openssl x509 -text -noout -in certs/ca.crt
fi
|
