Gitiles
Code Review Sign In
gerrit.nordix.org / onap / aaf / authz / 68b2315d44b8df80d87b9fd050fe21aeea144c8f / . / conf / CA / manual.sh
blob: 00a23ec834ddad3faf024134e727ace17d9c46bc [file] [log] [blame]
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]1#
2# Initialize a manual Cert. This is NOT entered in Certman Records
3#
4echo "FQI (Fully Qualified Identity): "
5read FQI
6if [ "$1" = "" -o "$1" = "-local" ]; then
7 echo "Personal Certificate"
8 SUBJECT="/CN=$FQI/OU=V1`cat subject.aaf`"
Instrumental97083ef2018-04-25 15:22:38 -0500[diff] [blame]9 NAME=$FQI
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]10else
11 echo "Application Certificate"
12 SUBJECT="/CN=$1/OU=$FQI`cat subject.aaf`"
Instrumental97083ef2018-04-25 15:22:38 -0500[diff] [blame]13 FQDN=$1
14 NAME=$FQDN
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]15 shift
Instrumental68b23152018-05-01 15:03:25 -0500[diff] [blame^]16
17 echo "Enter any SANS, delimited by spaces: "
18 read SANS
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]19fi
Instrumental68b23152018-05-01 15:03:25 -0500[diff] [blame^]20
21# Do SANs
22if [ "$SANS" = "" ]; then
23 echo no SANS
24 if [ -e $NAME.san ]; then
25 rm $NAME.san
26 fi
27 else
28 echo some SANS
29 cp ../san.conf $NAME.san
30 NUM=1
31 for D in $SANS; do
32 echo "DNS.$NUM = $D" >> $NAME.san
33 NUM=$((NUM+1))
34 done
35fi
36
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]37echo $SUBJECT
38
Instrumental68b23152018-05-01 15:03:25 -0500[diff] [blame^]39if [ -e $NAME.csr ]; then
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]40 SIGN_IT=true
41else
42 if [ "$1" = "-local" ]; then
43 echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
44 echo "Enter the PassPhrase for the Key for $FQI: "
45 `stty -echo`
46 read PASSPHRASE
47 `stty echo`
48
49 # remove any previous Private key
Instrumental97083ef2018-04-25 15:22:38 -0500[diff] [blame]50 rm private/$NAME.key
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]51 # Create j regaular rsa encrypted key
Instrumental97083ef2018-04-25 15:22:38 -0500[diff] [blame]52 openssl req -new -newkey rsa:2048 -sha256 -keyout private/$NAME.key \
53 -out $NAME.csr -outform PEM -subj "$SUBJECT" \
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]54 -passout stdin << EOF
55$PASSPHRASE
56EOF
Instrumental97083ef2018-04-25 15:22:38 -0500[diff] [blame]57 chmod 400 private/$NAME.key
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]58 SIGN_IT=true
59 else
Instrumental97083ef2018-04-25 15:22:38 -0500[diff] [blame]60 echo openssl req -newkey rsa:2048 -sha256 -keyout $NAME.key -out $NAME.csr -outform PEM -subj '"'$SUBJECT'"'
61 echo chmod 400 $NAME.key
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]62 echo "# All done, print result"
Instrumental97083ef2018-04-25 15:22:38 -0500[diff] [blame]63 echo openssl req -verify -text -noout -in $NAME.csr
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]64 fi
65fi
66
67if [ "$SIGN_IT" = "true" ]; then
68 # Sign it
Instrumental68b23152018-05-01 15:03:25 -0500[diff] [blame^]69 if [ -e $NAME.san ]; then
70 openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \
71 -cert certs/ca.crt -keyfile private/ca.key \
72 -policy policy_loose \
73 -days 360 \
74 -extfile $NAME.san \
75 -infiles $NAME.csr
76 else
77 openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]78 -cert certs/ca.crt -keyfile private/ca.key \
Instrumental924b18d2018-04-05 20:17:18 -0500[diff] [blame]79 -policy policy_loose \
80 -days 360 \
Instrumental97083ef2018-04-25 15:22:38 -0500[diff] [blame]81 -infiles $NAME.csr
Instrumental68b23152018-05-01 15:03:25 -0500[diff] [blame^]82 fi
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]83fi
84