3 # ============LICENSE_START====================================================
5 # ===========================================================================
6 # Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
7 # ===========================================================================
8 # Licensed under the Apache License, Version 2.0 (the "License");
9 # you may not use this file except in compliance with the License.
10 # You may obtain a copy of the License at
12 # http://www.apache.org/licenses/LICENSE-2.0
14 # Unless required by applicable law or agreed to in writing, software
15 # distributed under the License is distributed on an "AS IS" BASIS,
16 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 # See the License for the specific language governing permissions and
18 # limitations under the License.
19 # ============LICENSE_END====================================================
22 # Initialize a manual Cert. This is NOT entered in Certman Records
23 # $1 - CN (Common Name)
24 # $2 - FQI (Fully Qualified Identity)
25 # $3-$n - SANs (Subject Alternative Names)
# Prompt for the FQI when it was not supplied as $2. The statements that read
# the answer and close this "if" are not part of this excerpt.
28 if [ "$2" = "" ]; then
29 echo "FQI (Fully Qualified Identity): "
# Build the certificate subject. With no CN, or with "-local" as $1, the FQI
# becomes the CN (personal certificate); otherwise $1 is the CN and the FQI is
# the OU (application certificate). The contents of subject.aaf are appended
# to the string in both cases.
# NOTE(review): $1, $FQI and subject.aaf are concatenated unvalidated, and
# SUBJECT is later handed to `openssl req -subj`. In this /type=value form a
# "/" starts a new component, so such a character inside the CN or FQI changes
# the DN the CSR asks for. Check both against an allow-list pattern before
# building SUBJECT. FQI is presumably set from $2 or the prompt in lines not
# shown - confirm.
# NOTE(review): "-o" inside [ ] is obsolescent and can misparse operands that
# are empty or start with "-"; two [ ] tests joined with || avoid that.
33 if [ "$1" = "" -o "$1" = "-local" ]; then
34 echo "Personal Certificate"
35 SUBJECT="/CN=$FQI/OU=V1`cat subject.aaf`"
38 echo "Application Certificate"
39 SUBJECT="/CN=$1/OU=$FQI`cat subject.aaf`"
# Gather the SANs: prompt for them when none were passed as $3..., otherwise
# loop while $3 is non-empty. The read and the loop body are not part of this
# excerpt.
42 if [ "$3" = "" ]; then
43 echo "Enter any SANS, delimited by spaces: "
47 while [ ! "$3" = "" ]; do
# Branch on whether any SANs were collected, then work on the per-name file
# $NAME.san: it is copied from the ../san.conf template and one "DNS.<n>" line
# is appended per SAN.
# NOTE(review): $NAME is unquoted in the test, the cp and the redirection, and
# its assignment is not visible here. If it derives from the CN or FQI, quote
# it ("$NAME.san") so whitespace or glob characters cannot split or expand the
# path.
# NOTE(review): $D is written into the OpenSSL config verbatim. It presumably
# comes from the arguments or the prompt above, so check it against a hostname
# pattern before appending - confirm where D and NUM are set.
55 if [ "$SANS" = "" ]; then
57 if [ -e $NAME.san ]; then
62 cp ../san.conf $NAME.san
65 echo "DNS.$NUM = $D" >> $NAME.san
# Create a key pair and CSR only when no CSR for this name exists yet.
72 if [ ! -e $NAME.csr ]; then
73 if [ "$1" = "-local" ]; then
# The 'stty sane' hint suggests terminal echo is switched off while the
# passphrase is read (those lines are not in this excerpt) - TODO confirm.
74 echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
75 echo "Enter the PassPhrase for the Key for $FQI: "
80 # remove any previous Private key
82 # Create regular rsa encrypted key
# Generates a 2048-bit RSA key under private/ and a SHA-256 signed CSR in PEM
# form for SUBJECT. The rest of this command line is not shown.
# NOTE(review): the key is restricted with chmod 400 only after openssl has
# written it. Until then its mode depends on the umask and the OpenSSL version;
# running `umask 077` before this command closes that window.
83 openssl req -new -newkey rsa:2048 -sha256 -keyout private/$NAME.key \
84 -out $NAME.csr -outform PEM -subj "$SUBJECT" \
88 chmod 400 private/$NAME.key
# Presumably the non "-local" branch (the "else" line is not shown). Without
# -nodes, openssl itself prompts for the key passphrase.
# NOTE(review): no chmod on private/$NAME.key is visible for this branch -
# confirm that it gets the same 400 mode as above.
90 openssl req -newkey rsa:2048 -sha256 -keyout private/$NAME.key -out $NAME.csr -outform PEM -subj "$SUBJECT"
# Check the CSR's self-signature and print it as text so the operator can
# review the subject before it is signed.
92 echo "# All done, print result"
93 openssl req -verify -text -noout -in $NAME.csr
98 if [ -e $NAME.san ]; then
99 openssl ca -config ../openssl.conf -extensions server_cert -out certs/$NAME.crt \
100 -cert certs/ca.crt -keyfile private/ca.key \
101 -policy policy_loose \
106 openssl ca -config ../openssl.conf -extensions server_cert -out certs/$NAME.crt \
107 -cert certs/ca.crt -keyfile private/ca.key \
108 -policy policy_loose \