# Header of a manual certificate-issuing script. The leading numbers on each
# line are the listing's own line numbers; gaps in them mean lines of the
# script are not shown here.
2 # Initialize a manual Cert. This is NOT entered in Certman Records
# NOTE(review): because the result is not in Certman records, Certman-based
# tracking will not know this certificate exists; keep a manual record of what
# was issued (how revocation is handled is not visible here, TODO confirm).
3 # $1 - CN (Common Name)
4 # $2 - FQI (Fully Qualified Identity)
5 # $3-$n - SANs (Service Alias Names)
# NOTE(review): the X.509 extension is named "Subject Alternative Name"; the
# names collected from $3..$n are written as DNS.<n> entries to $NAME.san below.
# Prompt for the FQI. The test that decides whether to prompt, and whatever
# reads the answer, are on lines not shown in this listing.
9 echo "FQI (Fully Qualified Identity): "
# Choose the certificate subject. With no CN, or with "-local" as $1, a
# personal certificate is requested whose CN is the FQI; otherwise an
# application certificate with CN=$1 and OU=$FQI.
# NOTE(review): "-o" inside [ ] is obsolescent in POSIX; two tests joined with
# || avoid its parsing ambiguities.
13 if [ "$1" = "" -o "$1" = "-local" ]; then
14 echo "Personal Certificate"
# The contents of subject.aaf are appended verbatim after the OU component.
# NOTE(review): $FQI is placed into the -subj string unescaped. openssl uses
# "/" to separate subject components and "=" to separate type from value, so
# check the value against the expected identity format before building SUBJECT.
15 SUBJECT="/CN=$FQI/OU=V1`cat subject.aaf`"
# (the else branch and any lines between are not shown in this listing)
18 echo "Application Certificate"
# NOTE(review): the same applies to $1 and $FQI here; both reach -subj as-is.
19 SUBJECT="/CN=$1/OU=$FQI`cat subject.aaf`"
# Collect the SANs: prompt when none were passed as $3, otherwise take them
# from the positional arguments.
22 if [ "$3" = "" ]; then
23 echo "Enter any SANS, delimited by spaces: "
# Loop while a third argument remains; the loop body is not shown, presumably
# it appends $3 to SANS and shifts (TODO confirm).
27 while [ ! "$3" = "" ]; do
# Branch on whether any SANs were given; the body of this test is not shown.
35 if [ "$SANS" = "" ]; then
# Check for an existing $NAME.san; what is done with it is not shown.
# NOTE(review): $NAME is unquoted here and below. Where NAME is assigned is not
# visible; if it comes from $1/$FQI, a value containing spaces or "/" changes
# which file is tested and written. Quote it and reject path separators.
37 if [ -e $NAME.san ]; then
# Start the per-certificate SAN config from the shared template ../san.conf.
42 cp ../san.conf $NAME.san
# Append one DNS.<n> entry. $NUM and $D are set on lines not shown.
# NOTE(review): $D is written unvalidated into a file that openssl later reads
# as configuration; accept only values that look like host names.
45 echo "DNS.$NUM = $D" >> $NAME.san
# Generate a key and CSR only when no CSR for this name exists yet.
52 if [ ! -e $NAME.csr ]; then
# "-local" path: the script itself asks for the key pass phrase.
53 if [ "$1" = "-local" ]; then
# The 'stty sane' hint suggests terminal settings are changed while the pass
# phrase is read (those lines are not shown; TODO confirm echo is restored on
# every exit path, e.g. with a trap).
54 echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
55 echo "Enter the PassPhrase for the Key for $FQI: "
60 # remove any previous Private key
62 # Create regular rsa encrypted key
# New 2048-bit RSA key plus a SHA-256 signed CSR for $SUBJECT. The command
# continues past the trailing backslash onto lines not shown, so how the pass
# phrase is supplied cannot be seen here.
63 openssl req -new -newkey rsa:2048 -sha256 -keyout private/$NAME.key \
64 -out $NAME.csr -outform PEM -subj "$SUBJECT" \
# Make the key read-only for its owner.
# NOTE(review): the key file already exists when this chmod runs; its
# permissions until then depend on the umask and on how the installed openssl
# opens key files. Setting 'umask 077' before the openssl call removes that
# dependency.
68 chmod 400 private/$NAME.key
# Other path: same key type and digest. No -nodes option is given, so openssl
# prompts for the pass phrase itself unless the active openssl configuration
# disables key encryption.
# NOTE(review): no chmod for this path is visible in the listing; confirm the
# key ends up with owner-only permissions here as well.
70 openssl req -newkey rsa:2048 -sha256 -keyout private/$NAME.key -out $NAME.csr -outform PEM -subj "$SUBJECT"
72 echo "# All done, print result"
# Check the CSR's self-signature and print it in text form for the operator
# to review before it is signed.
73 openssl req -verify -text -noout -in $NAME.csr
# Sign the CSR with the local CA. Two near-identical 'openssl ca' calls follow,
# selected by whether $NAME.san exists; both continue past the trailing
# backslash onto lines not shown, so the options that differ (presumably the
# one that passes the SAN file, TODO confirm) cannot be seen here.
# NOTE(review): this step reads the CA private key from private/ca.key, so
# whoever can run the script can issue certificates under this CA. The
# server_cert extensions and the policy_loose policy come from ../openssl.conf,
# which is not shown; check which subject fields that policy accepts.
78 if [ -e $NAME.san ]; then
79 openssl ca -config ../openssl.conf -extensions server_cert -out certs/$NAME.crt \
80 -cert certs/ca.crt -keyfile private/ca.key \
81 -policy policy_loose \
# No $NAME.san present: same CA, extensions section and policy.
86 openssl ca -config ../openssl.conf -extensions server_cert -out certs/$NAME.crt \
87 -cert certs/ca.crt -keyfile private/ca.key \
88 -policy policy_loose \