2 # Initialize an Intermediate CA Cert.
4 if [ -e intermediate.serial ]; then
5 ((SERIAL=`cat intermediate.serial` + 1))
9 echo $SERIAL > intermediate.serial
10 DIR=intermediate_$SERIAL
12 mkdir -p $DIR/private $DIR/certs $DIR/newcerts
13 chmod 700 $DIR/private
14 chmod 755 $DIR/certs $DIR/newcerts
16 if [ ! -e $DIR/serial ]; then
17 echo '01' > $DIR/serial
19 cp manual.sh p12.sh subject.aaf cfg.pkcs11 p11.sh $DIR
21 if [ "$1" == "" ]; then
22 CN=intermediateCA_$SERIAL
27 SUBJECT="/CN=$CN`cat subject.aaf`"
29 echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
30 echo "Enter the PassPhrase for the Key for $CN: "
35 # Create a regaular rsa encrypted key
36 openssl req -new -newkey rsa:2048 -sha256 -keyout $DIR/private/ca.key \
37 -out $DIR/$CN.csr -outform PEM -subj "$SUBJECT" \
42 chmod 400 $DIR/private/$CN.key
43 openssl req -verify -text -noout -in $DIR/$CN.csr
46 openssl ca -config openssl.conf -extensions v3_intermediate_ca \
47 -cert certs/ca.crt -keyfile private/ca.key -out $DIR/certs/ca.crt \
50 openssl x509 -text -noout -in $DIR/certs/ca.crt
53 openssl verify -CAfile certs/ca.crt $DIR/certs/ca.crt
56 # Create a Signer p12 script
57 echo openssl pkcs12 -export -name aaf_$DIR \
58 -in certs/ca.crt -inkey private/ca.key \
59 -out aaf_$DIR.p12 >> $DIR/signerP12.sh