Gitiles
Code Review Sign In
gerrit.nordix.org / onap / aaf / authz / 7fa31dee0dcfc9ef37703feef1c3d573728be742 / . / conf / CA / newIntermediate.sh
blob: 303c22e133bbc2eee87506358fe052cf60c862b7 [file] [log] [blame]
Instrumentaldf9e8272018-04-05 20:52:32 -0500[diff] [blame]1#
2# Initialize an Intermediate CA Cert.
3#
4 if [ -e intermediate.serial ]; then
5 ((SERIAL=`cat intermediate.serial` + 1))
6 else
7 SERIAL=1
8 fi
9 echo $SERIAL > intermediate.serial
10DIR=intermediate_$SERIAL
11
12mkdir -p $DIR/private $DIR/certs $DIR/newcerts
13chmod 700 $DIR/private
14chmod 755 $DIR/certs $DIR/newcerts
15touch $DIR/index.txt
Instrumental4ad47632018-07-13 15:49:26 -0500[diff] [blame]16echo "unique_subject = no" > $DIR/index.txt.attr
17
Instrumentaldf9e8272018-04-05 20:52:32 -0500[diff] [blame]18if [ ! -e $DIR/serial ]; then
19 echo '01' > $DIR/serial
20fi
21cp manual.sh p12.sh subject.aaf cfg.pkcs11 p11.sh $DIR
22
23if [ "$1" == "" ]; then
24 CN=intermediateCA_$SERIAL
25else
26 CN=$1
27fi
28
29SUBJECT="/CN=$CN`cat subject.aaf`"
30echo $SUBJECT
31 echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
32 echo "Enter the PassPhrase for the Key for $CN: "
33 `stty -echo`
34 read PASSPHRASE
35 `stty echo`
36
37 # Create a regaular rsa encrypted key
38 openssl req -new -newkey rsa:2048 -sha256 -keyout $DIR/private/ca.key \
39 -out $DIR/$CN.csr -outform PEM -subj "$SUBJECT" \
40 -passout stdin << EOF
41$PASSPHRASE
42EOF
43
44 chmod 400 $DIR/private/$CN.key
45 openssl req -verify -text -noout -in $DIR/$CN.csr
46
47 # Sign it
48 openssl ca -config openssl.conf -extensions v3_intermediate_ca \
Instrumental8601af62018-06-05 04:03:49 -0500[diff] [blame]49 -days 1826 \
50 -cert certs/ca.crt -keyfile private/ca.key -out $DIR/certs/ca.crt \
Instrumentaldf9e8272018-04-05 20:52:32 -0500[diff] [blame]51 -infiles $DIR/$CN.csr
52
53 openssl x509 -text -noout -in $DIR/certs/ca.crt
54
55
56 openssl verify -CAfile certs/ca.crt $DIR/certs/ca.crt
57
58
59# Create a Signer p12 script
60echo openssl pkcs12 -export -name aaf_$DIR \
61 -in certs/ca.crt -inkey private/ca.key \
62 -out aaf_$DIR.p12 >> $DIR/signerP12.sh
63