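#
# Initialize a manual Cert. This is NOT entered in Certman Records
#
# Arguments:
#   (none) | -local   Personal certificate: the FQI read from stdin is the CN.
#   <id> [-local]     Application certificate: <id> is the CN (and the base
#                     name of the generated files); the FQI read from stdin
#                     becomes the OU.
#   If <FQI>.csr already exists it is signed directly. Otherwise, with -local
#   the key and CSR are generated here (key under private/) and then signed;
#   without -local the openssl commands for the requester are only printed.
# Reads:   subject.aaf (subject suffix), ../openssl.conf, certs/ca.crt and
#          private/ca.key, all relative to the current directory.
# Outputs: private/<FQI>.key and <FQI>.csr (with -local), <FQI>.crt when signed.
#

# Print a message on stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# An identity is used both in file names and inside the certificate subject,
# so refuse values that would change the meaning of either one: empty,
# option-like (leading '-'), containing '/' (path separator, and the RDN
# separator of "openssl req -subj"), or containing whitespace.
check_identity() {
  case "$1" in
    '' | -* | */* | *[[:space:]]*)
      die "Invalid identity: '$1'"
      ;;
  esac
}

# Never inherit the signing decision from the caller's environment.
SIGN_IT=false

echo "FQI (Fully Qualified Identity): "
read -r FQI
check_identity "$FQI"

# A missing subject.aaf would otherwise silently yield a truncated subject.
SUBJECT_SUFFIX=$(cat subject.aaf) || die "Cannot read subject.aaf"

if [ -z "${1:-}" ] || [ "$1" = "-local" ]; then
  echo "Personal Certificate"
  SUBJECT="/CN=${FQI}/OU=V1${SUBJECT_SUFFIX}"
else
  check_identity "$1"
  echo "Application Certificate"
  SUBJECT="/CN=${1}/OU=${FQI}${SUBJECT_SUFFIX}"
  FQI=$1
  shift
fi
printf '%s\n' "$SUBJECT"

if [ -e "$FQI.csr" ]; then
  # NOTE(review): an existing CSR is signed as it is. Nothing here compares
  # the subject inside that CSR with the SUBJECT printed above; what gets
  # enforced depends on policy_loose in ../openssl.conf -- confirm.
  SIGN_IT=true
elif [ "${1:-}" = "-local" ]; then
  echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
  echo "Enter the PassPhrase for the Key for $FQI: "
  # Restore terminal echo if the prompt is interrupted.
  trap 'stty echo; exit 1' HUP INT TERM
  stty -echo
  # IFS= and -r keep the passphrase exactly as typed (no backslash
  # processing, no trimming of leading/trailing blanks).
  IFS= read -r PASSPHRASE
  stty echo
  trap - HUP INT TERM

  # remove any previous Private key
  rm -f -- "private/$FQI.key"

  # Create a regular RSA encrypted key.
  # The umask makes sure the key file is never readable by group/other in the
  # window before the chmod below; the passphrase goes in on stdin so it does
  # not show up in the process arguments.
  # NOTE(review): this path uses rsa:2048 while the printed instructions in
  # the branch below use rsa:4096 -- confirm which size is intended.
  old_umask=$(umask)
  umask 077
  printf '%s\n' "$PASSPHRASE" |
    openssl req -new -newkey rsa:2048 -sha256 -keyout "private/$FQI.key" \
      -out "$FQI.csr" -outform PEM -subj "$SUBJECT" \
      -passout stdin
  req_status=$?
  umask "$old_umask"
  unset PASSPHRASE
  # Do not go on to signing when key/CSR generation failed.
  [ "$req_status" -eq 0 ] || die "openssl req failed for $FQI"
  chmod 400 "private/$FQI.key"
  SIGN_IT=true
else
  # No CSR yet and no -local: only print the commands to run on the requesting
  # side, so the private key is generated there and never handled here.
  printf '%s\n' \
    "openssl req -newkey rsa:4096 -sha256 -keyout $FQI.key -out $FQI.csr -outform PEM -subj \"$SUBJECT\"" \
    "chmod 400 $FQI.key" \
    "# All done, print result" \
    "openssl req -verify -text -noout -in $FQI.csr"
fi

if [ "$SIGN_IT" = "true" ]; then
  # Sign it
  # NOTE(review): the server_cert extension section is applied to personal
  # and application certificates alike -- confirm that is intended.
  openssl ca -config ../openssl.conf -extensions server_cert -out "$FQI.crt" \
    -cert certs/ca.crt -keyfile private/ca.key \
    -policy policy_loose \
    -infiles "$FQI.csr"
fi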