Gitiles
Code Review Sign In
gerrit.nordix.org / onap / aaf / authz / 7d6102863c924000d6e1b23f0c232f49e1f611a1 / . / conf / CA / manual.sh
blob: 07a1ed6ae8c5e9d63505c429fcfc17197765cb14 [file] [log] [blame]
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]1#
2# Initialize a manual Cert. This is NOT entered in Certman Records
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]3# $1 - CN (Common Name)
4# $2 - FQI (Fully Qualified Identity)
5# $3-$n - SANs (Service Alias Names)
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]6#
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]7
8if [ "$2" = "" ]; then
9 echo "FQI (Fully Qualified Identity): "
10 read FQI
11fi
12
13if [ "$1" = "" -o "$1" = "-local" ]; then
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]14 echo "Personal Certificate"
15 SUBJECT="/CN=$FQI/OU=V1`cat subject.aaf`"
Instrumental97083ef2018-04-25 15:22:38 -0500[diff] [blame]16 NAME=$FQI
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]17else
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]18 echo "Application Certificate"
19 SUBJECT="/CN=$1/OU=$FQI`cat subject.aaf`"
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]20 NAME=$1
Instrumental68b23152018-05-01 15:03:25 -0500[diff] [blame]21
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]22 if [ "$3" = "" ]; then
23 echo "Enter any SANS, delimited by spaces: "
24 read SANS
25 else
26 SANS=""
27 while [ ! "$3" = "" ]; do
28 SANS=${SANS}" "$3
29 shift
30 done
31 fi
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]32fi
Instrumental68b23152018-05-01 15:03:25 -0500[diff] [blame]33
34# Do SANs
35if [ "$SANS" = "" ]; then
36 echo no SANS
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]37 if [ -e $NAME.san ]; then
Instrumental68b23152018-05-01 15:03:25 -0500[diff] [blame]38 rm $NAME.san
39 fi
40 else
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]41 echo some SANS: $SANS
Instrumental68b23152018-05-01 15:03:25 -0500[diff] [blame]42 cp ../san.conf $NAME.san
43 NUM=1
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]44 for D in $SANS; do
Instrumental68b23152018-05-01 15:03:25 -0500[diff] [blame]45 echo "DNS.$NUM = $D" >> $NAME.san
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]46 NUM=$((NUM+1))
Instrumental68b23152018-05-01 15:03:25 -0500[diff] [blame]47 done
48fi
49
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]50echo $SUBJECT
51
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]52if [ ! -e $NAME.csr ]; then
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]53 if [ "$1" = "-local" ]; then
54 echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
55 echo "Enter the PassPhrase for the Key for $FQI: "
56 `stty -echo`
57 read PASSPHRASE
58 `stty echo`
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]59
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]60 # remove any previous Private key
Instrumental97083ef2018-04-25 15:22:38 -0500[diff] [blame]61 rm private/$NAME.key
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]62 # Create regular rsa encrypted key
Instrumental97083ef2018-04-25 15:22:38 -0500[diff] [blame]63 openssl req -new -newkey rsa:2048 -sha256 -keyout private/$NAME.key \
64 -out $NAME.csr -outform PEM -subj "$SUBJECT" \
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]65 -passout stdin << EOF
66$PASSPHRASE
67EOF
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]68 chmod 400 private/$NAME.key
69 else
70 openssl req -newkey rsa:2048 -sha256 -keyout private/$NAME.key -out $NAME.csr -outform PEM -subj "$SUBJECT"
71 chmod 400 $NAME.key
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]72 echo "# All done, print result"
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]73 openssl req -verify -text -noout -in $NAME.csr
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]74 fi
75fi
76
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]77 # Sign it
Instrumental68b23152018-05-01 15:03:25 -0500[diff] [blame]78 if [ -e $NAME.san ]; then
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]79 openssl ca -config ../openssl.conf -extensions server_cert -out certs/$NAME.crt \
Instrumental68b23152018-05-01 15:03:25 -0500[diff] [blame]80 -cert certs/ca.crt -keyfile private/ca.key \
81 -policy policy_loose \
82 -days 360 \
83 -extfile $NAME.san \
84 -infiles $NAME.csr
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]85 else
86 openssl ca -config ../openssl.conf -extensions server_cert -out certs/$NAME.crt \
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]87 -cert certs/ca.crt -keyfile private/ca.key \
Instrumental924b18d2018-04-05 20:17:18 -0500[diff] [blame]88 -policy policy_loose \
89 -days 360 \
Instrumental97083ef2018-04-25 15:22:38 -0500[diff] [blame]90 -infiles $NAME.csr
Instrumental68b23152018-05-01 15:03:25 -0500[diff] [blame]91 fi