conf/CA/p12.sh


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

#
# Create a p12 file from local certs
#
echo "FQI (Fully Qualified Identity): "
read FQI

if [ "$1" = "" ]; then
  MACH=$FQI  
else 
  MACH=$1
fi

# Add Cert AND Intermediate CAs (Clients will have Root CAs (or not))
  cat $MACH.crt  > $MACH.chain
  # Add THIS Intermediate CA into chain
  cat "certs/ca.crt" >> $MACH.chain

  # Make a pkcs12 keystore, a jks keystore and a pem keystore
  rm -f $MACH.p12
  # Note: Openssl will pickup and load all Certs in the Chain file
  openssl pkcs12 -name $FQI -export -in $MACH.chain -inkey private/$MACH.key -out $MACH.p12