| Instrumental | 31d847e | 2018-03-26 14:17:19 -0700 | [diff] [blame] | 1 | # |
| 2 | # NOTE: This README is "bash" capable. bash README.txt |
| 3 | # |
| 4 | # create simple but reasonable directory structure |
| 5 | mkdir -p private certs newcerts |
| 6 | chmod 700 private |
| 7 | chmod 755 certs newcerts |
| 8 | touch index.txt |
| Instrumental | 4ad4763 | 2018-07-13 15:49:26 -0500 | [diff] [blame] | 9 | echo "unique_subject = no" > index.txt.attr |
| 10 | |
| Instrumental | 31d847e | 2018-03-26 14:17:19 -0700 | [diff] [blame] | 11 | if [ ! -e serial ]; then |
| 12 | echo '01' > serial |
| 13 | fi |
| 14 | |
| 15 | if [ "$1" == "" ]; then |
| 16 | CN=$1 |
| 17 | else |
| 18 | CN=RootCA |
| 19 | fi |
| 20 | |
| 21 | echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'" |
| 22 | echo "Enter the PassPhrase for your Key: " |
| 23 | `stty -echo` |
| 24 | read PASSPHRASE |
| 25 | `stty echo` |
| 26 | |
| 27 | if [ ! -e /private/ca.ekey ]; then |
| 28 | # Create a regaular rsa encrypted key |
| 29 | openssl genrsa -aes256 -out private/ca.ekey -passout stdin 4096 << EOF |
| 30 | $PASSPHRASE |
| 31 | EOF |
| 32 | fi |
| 33 | |
| 34 | if [ ! -e /private/ca.key ]; then |
| 35 | # Move to a Java/Filesystem readable key. Note that this one is NOT Encrypted. |
| 36 | openssl pkcs8 -in private/ca.ekey -topk8 -nocrypt -out private/ca.key -passin stdin << EOF |
| 37 | $PASSPHRASE |
| 38 | EOF |
| 39 | fi |
| 40 | chmod 400 private/ca.key private/ca.ekey |
| 41 | |
| 42 | |
| 43 | if [ -e subject.aaf ]; then |
| 44 | SUBJECT="-subj /CN=$CN`cat subject.aaf`" |
| 45 | else |
| 46 | SUBJECT="" |
| 47 | fi |
| 48 | |
| 49 | # Generate a CA Certificate |
| 50 | openssl req -config openssl.conf \ |
| 51 | -key private/ca.key \ |
| 52 | -new -x509 -days 7300 -sha256 -extensions v3_ca \ |
| 53 | $SUBJECT \ |
| 54 | -out certs/ca.crt |
| 55 | |
| 56 | if [ -e certs/ca.crt ]; then |
| 57 | # All done, print result |
| 58 | openssl x509 -text -noout -in certs/ca.crt |
| 59 | fi |