3 # ============LICENSE_START====================================================
5 # ===========================================================================
6 # Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
7 # ===========================================================================
8 # Licensed under the Apache License, Version 2.0 (the "License");
9 # you may not use this file except in compliance with the License.
10 # You may obtain a copy of the License at
12 # http://www.apache.org/licenses/LICENSE-2.0
14 # Unless required by applicable law or agreed to in writing, software
15 # distributed under the License is distributed on an "AS IS" BASIS,
16 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 # See the License for the specific language governing permissions and
18 # limitations under the License.
19 # ============LICENSE_END====================================================
22 # Initialize an Intermediate CA Cert.
24 if [ -e intermediate.serial ]; then
25 ((SERIAL=`cat intermediate.serial` + 1))
29 echo $SERIAL > intermediate.serial
30 DIR=intermediate_$SERIAL
32 mkdir -p $DIR/private $DIR/certs $DIR/newcerts
33 chmod 700 $DIR/private
34 chmod 755 $DIR/certs $DIR/newcerts
36 echo "unique_subject = no" > $DIR/index.txt.attr
38 if [ ! -e $DIR/serial ]; then
39 echo '01' > $DIR/serial
41 cp manual.sh p12.sh subject.aaf cfg.pkcs11 p11.sh $DIR
43 if [ "$1" == "" ]; then
44 CN=intermediateCA_$SERIAL
49 SUBJECT="/CN=$CN`cat subject.aaf`"
51 echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
52 echo "Enter the PassPhrase for the Key for $CN: "
57 # Create a regaular rsa encrypted key
58 openssl req -new -newkey rsa:2048 -sha256 -keyout $DIR/private/ca.key \
59 -out $DIR/$CN.csr -outform PEM -subj "$SUBJECT" \
64 chmod 400 $DIR/private/ca.key
65 openssl req -verify -text -noout -in $DIR/$CN.csr
68 openssl ca -config openssl.conf -extensions v3_intermediate_ca \
70 -cert certs/ca.crt -keyfile private/ca.key -out $DIR/certs/ca.crt \
73 openssl x509 -text -noout -in $DIR/certs/ca.crt
75 openssl verify -CAfile certs/ca.crt $DIR/certs/ca.crt
78 # Create a Signer p12 script
79 echo openssl pkcs12 -export -name aaf_$DIR \
80 -in certs/ca.crt -inkey private/ca.key \
81 -out aaf_$DIR.p12 >> $DIR/signerP12.sh