blob: 698307a5c636b6605ae576912399f14961101559 [file] [log] [blame]
Instrumental31d847e2018-03-26 14:17:19 -07001#
2# NOTE: This README is "bash" capable. bash README.txt
3#
4# create simple but reasonable directory structure
5mkdir -p private certs newcerts
6chmod 700 private
7chmod 755 certs newcerts
8touch index.txt
Instrumental4ad47632018-07-13 15:49:26 -05009echo "unique_subject = no" > index.txt.attr
10
Instrumental31d847e2018-03-26 14:17:19 -070011if [ ! -e serial ]; then
Instrumentalc3ca46e2018-09-25 08:25:52 -050012 echo $(date +%s) > serial
Instrumental31d847e2018-03-26 14:17:19 -070013fi
14
15if [ "$1" == "" ]; then
16 CN=$1
17else
18 CN=RootCA
19fi
20
21echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
22echo "Enter the PassPhrase for your Key: "
23`stty -echo`
24read PASSPHRASE
25`stty echo`
26
27if [ ! -e /private/ca.ekey ]; then
28 # Create a regaular rsa encrypted key
29 openssl genrsa -aes256 -out private/ca.ekey -passout stdin 4096 << EOF
30$PASSPHRASE
31EOF
32fi
33
34if [ ! -e /private/ca.key ]; then
35 # Move to a Java/Filesystem readable key. Note that this one is NOT Encrypted.
36 openssl pkcs8 -in private/ca.ekey -topk8 -nocrypt -out private/ca.key -passin stdin << EOF
37$PASSPHRASE
38EOF
39fi
40chmod 400 private/ca.key private/ca.ekey
41
42
43if [ -e subject.aaf ]; then
44 SUBJECT="-subj /CN=$CN`cat subject.aaf`"
45else
46 SUBJECT=""
47fi
48
49# Generate a CA Certificate
50openssl req -config openssl.conf \
51 -key private/ca.key \
52 -new -x509 -days 7300 -sha256 -extensions v3_ca \
53 $SUBJECT \
54 -out certs/ca.crt
55
56if [ -e certs/ca.crt ]; then
57 # All done, print result
58 openssl x509 -text -noout -in certs/ca.crt
59fi