3 # ============LICENSE_START====================================================
5 # ===========================================================================
6 # Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
7 # ===========================================================================
8 # Licensed under the Apache License, Version 2.0 (the "License");
9 # you may not use this file except in compliance with the License.
10 # You may obtain a copy of the License at
12 # http://www.apache.org/licenses/LICENSE-2.0
14 # Unless required by applicable law or agreed to in writing, software
15 # distributed under the License is distributed on an "AS IS" BASIS,
16 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 # See the License for the specific language governing permissions and
18 # limitations under the License.
19 # ============LICENSE_END====================================================
21 # NOTE: This README is "bash" capable. bash README.txt
23 # create simple but reasonable directory structure
24 mkdir -p private certs newcerts
26 chmod 755 certs newcerts
28 echo "unique_subject = no" > index.txt.attr
30 if [ ! -e serial ]; then
31 echo $(date +%s) > serial
34 if [ "$1" == "" ]; then
40 echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
41 echo "Enter the PassPhrase for your Key: "
46 if [ ! -e /private/ca.ekey ]; then
47 # Create a regaular rsa encrypted key
48 openssl genrsa -aes256 -out private/ca.ekey -passout stdin 4096 << EOF
53 if [ ! -e /private/ca.key ]; then
54 # Move to a Java/Filesystem readable key. Note that this one is NOT Encrypted.
55 openssl pkcs8 -in private/ca.ekey -topk8 -nocrypt -out private/ca.key -passin stdin << EOF
59 chmod 400 private/ca.key private/ca.ekey
62 if [ -e subject.aaf ]; then
63 SUBJECT="-subj /CN=$CN`cat subject.aaf`"
68 # Generate a CA Certificate
69 openssl req -config openssl.conf \
71 -new -x509 -days 7300 -sha256 -extensions v3_ca \
75 if [ -e certs/ca.crt ]; then
76 # All done, print result
77 openssl x509 -text -noout -in certs/ca.crt