Instrumental | 31d847e | 2018-03-26 14:17:19 -0700 | [diff] [blame] | 1 | # |
| 2 | # Initialize a manual Cert. This is NOT entered in Certman Records |
| 3 | # |
| 4 | echo "FQI (Fully Qualified Identity): " |
| 5 | read FQI |
| 6 | if [ "$1" = "" -o "$1" = "-local" ]; then |
| 7 | echo "Personal Certificate" |
| 8 | SUBJECT="/CN=$FQI/OU=V1`cat subject.aaf`" |
| 9 | else |
| 10 | echo "Application Certificate" |
| 11 | SUBJECT="/CN=$1/OU=$FQI`cat subject.aaf`" |
| 12 | FQI=$1 |
| 13 | shift |
| 14 | fi |
| 15 | echo $SUBJECT |
| 16 | |
| 17 | if [ -e $FQI.csr ]; then |
| 18 | SIGN_IT=true |
| 19 | else |
| 20 | if [ "$1" = "-local" ]; then |
| 21 | echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'" |
| 22 | echo "Enter the PassPhrase for the Key for $FQI: " |
| 23 | `stty -echo` |
| 24 | read PASSPHRASE |
| 25 | `stty echo` |
| 26 | |
| 27 | # remove any previous Private key |
| 28 | rm private/$FQI.key |
| 29 | # Create j regaular rsa encrypted key |
| 30 | openssl req -new -newkey rsa:2048 -sha256 -keyout private/$FQI.key \ |
| 31 | -out $FQI.csr -outform PEM -subj "$SUBJECT" \ |
| 32 | -passout stdin << EOF |
| 33 | $PASSPHRASE |
| 34 | EOF |
| 35 | chmod 400 private/$FQI.key |
| 36 | SIGN_IT=true |
| 37 | else |
| 38 | echo openssl req -newkey rsa:4096 -sha256 -keyout $FQI.key -out $FQI.csr -outform PEM -subj '"'$SUBJECT'"' |
| 39 | echo chmod 400 $FQI.key |
| 40 | echo "# All done, print result" |
| 41 | echo openssl req -verify -text -noout -in $FQI.csr |
| 42 | fi |
| 43 | fi |
| 44 | |
| 45 | if [ "$SIGN_IT" = "true" ]; then |
| 46 | # Sign it |
| 47 | openssl ca -config ../openssl.conf -extensions server_cert -out $FQI.crt \ |
| 48 | -cert certs/ca.crt -keyfile private/ca.key \ |
| 49 | -policy policy_loose \ |
| 50 | -infiles $FQI.csr |
| 51 | fi |
| 52 | |
| 53 | |
| 54 | |
| 55 | |