2 # Initialize a manual Cert. This is NOT entered in Certman Records
# NOTE(review): the leading numbers on each line are line numbers carried over
# from the original listing. Gaps in that numbering mean parts of the script
# (e.g. the line that reads FQI and the else/fi of the test below) are not shown.
4 echo "FQI (Fully Qualified Identity): "
# No argument, or "-local": personal certificate, with the FQI as the CN.
# Any other first argument: application certificate, with $1 as the CN and
# the FQI as the OU. In both cases the contents of the file subject.aaf
# (read from the current directory) are appended to the subject.
# NOTE(review): $FQI and $1 are placed into the subject string unescaped.
# openssl splits the -subj value on "/", so a value containing "/" would add
# or change subject fields. Check both against a strict pattern before
# building SUBJECT -- TODO confirm no such check exists in the lines not shown.
6 if [ "$1" = "" -o "$1" = "-local" ]; then
7 echo "Personal Certificate"
8 SUBJECT="/CN=$FQI/OU=V1`cat subject.aaf`"
11 echo "Application Certificate"
12 SUBJECT="/CN=$1/OU=$FQI`cat subject.aaf`"
# Subject Alternative Names: prompt for a space-delimited list, then build a
# per-certificate config $NAME.san from the template ../san.conf and append
# one "DNS.<n> = <name>" line per entry. The read and the loop that sets NUM
# and D are not shown in this listing.
# NOTE(review): each entry is written into the openssl config as typed. Since
# the SAN list decides which hosts the certificate is valid for, entries
# should be checked as well-formed DNS names before they are appended.
# NOTE(review): $NAME is unquoted in the test and in the file paths; quote it
# ("$NAME.san") so whitespace or glob characters cannot split or expand the
# path. How NAME is derived is not shown -- verify it cannot contain "/" or "..".
17 echo "Enter any SANS, delimited by spaces: "
22 if [ "$SANS" = "" ]; then
24 if [ -e $NAME.san ]; then
29 cp ../san.conf $NAME.san
32 echo "DNS.$NUM = $D" >> $NAME.san
# CSR and key generation. What happens when $NAME.csr already exists is not
# shown in this listing.
39 if [ -e $NAME.csr ]; then
# "-local": generate the key pair and CSR on this machine.
42 if [ "$1" = "-local" ]; then
# The 'stty sane' hint suggests terminal echo is switched off while the
# passphrase is typed (presumably via stty in lines not shown).
43 echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
44 echo "Enter the PassPhrase for the Key for $FQI: "
49 # remove any previous Private key
# NOTE(review): the key file is restricted to mode 400 only after openssl has
# written it. Setting `umask 077` before the openssl call would avoid
# depending on the mode the file is created with.
# NOTE(review): how the passphrase reaches openssl is in lines not shown. If it
# is passed on the command line (e.g. -passout pass:...), it is visible in the
# process list; prefer a file descriptor or stdin -- TODO confirm.
51 # Create a regular RSA encrypted key
52 openssl req -new -newkey rsa:2048 -sha256 -keyout private/$NAME.key \
53 -out $NAME.csr -outform PEM -subj "$SUBJECT" \
57 chmod 400 private/$NAME.key
# The lines below only print commands (echo) rather than running them,
# presumably the non-"-local" branch where the requester creates the key
# and CSR themselves; the else is not shown.
# NOTE(review): $SUBJECT is expanded unquoted inside the echo, so the printed
# command may not match the real subject if it contains runs of whitespace
# or glob characters.
60 echo openssl req -newkey rsa:2048 -sha256 -keyout $NAME.key -out $NAME.csr -outform PEM -subj '"'$SUBJECT'"'
61 echo chmod 400 $NAME.key
62 echo "# All done, print result"
63 echo openssl req -verify -text -noout -in $NAME.csr
67 if [ "$SIGN_IT" = "true" ]; then
69 if [ -e $NAME.san ]; then
70 openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \
71 -cert certs/ca.crt -keyfile private/ca.key \
72 -policy policy_loose \
77 openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \
78 -cert certs/ca.crt -keyfile private/ca.key \
79 -policy policy_loose \