blob: b20715040a99eb23441d08fa87b8dc2d34ae6eb5 [file] [log] [blame]
#
# Initialize a manual Cert. This is NOT entered in Certman Records
#
if [ -e intermediate.serial ]; then
((SERIAL=`cat intermediate.serial` + 1))
else
SERIAL=1
fi
echo $SERIAL > intermediate.serial
DIR=intermediate_$SERIAL
mkdir -p $DIR/private $DIR/certs $DIR/newcerts
chmod 700 $DIR/private
chmod 755 $DIR/certs $DIR/newcerts
touch $DIR/index.txt
if [ ! -e $DIR/serial ]; then
echo '01' > $DIR/serial
fi
cp manual.sh p12.sh subject.aaf $DIR
if [ "$1" == "" ]; then
CN=intermediateCA_$SERIAL
else
CN=$1
fi
SUBJECT="/CN=$CN`cat subject.aaf`"
echo $SUBJECT
echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
echo "Enter the PassPhrase for the Key for $CN: "
`stty -echo`
read PASSPHRASE
`stty echo`
# Create a regaular rsa encrypted key
openssl req -new -newkey rsa:4096 -sha256 -keyout $DIR/private/ca.key \
-out $DIR/$CN.csr -outform PEM -subj "$SUBJECT" \
-passout stdin << EOF
$PASSPHRASE
EOF
chmod 400 $DIR/private/$CN.key
openssl req -verify -text -noout -in $DIR/$CN.csr
# Sign it
openssl ca -config openssl.conf -extensions v3_intermediate_ca \
-cert certs/ca.crt -keyfile private/ca.key -out $DIR/certs/ca.crt \
-infiles $DIR/$CN.csr
openssl x509 -text -noout -in $DIR/certs/ca.crt
openssl verify -CAfile certs/ca.crt $DIR/certs/ca.crt