2 # Initialize an Intermediate CA Cert.
4 if [ -e intermediate.serial ]; then
5 ((SERIAL=`cat intermediate.serial` + 1))
9 echo $SERIAL > intermediate.serial
10 DIR=intermediate_$SERIAL
12 mkdir -p $DIR/private $DIR/certs $DIR/newcerts
13 chmod 700 $DIR/private
14 chmod 755 $DIR/certs $DIR/newcerts
16 echo "unique_subject = no" > $DIR/index.txt.attr
18 if [ ! -e $DIR/serial ]; then
19 echo '01' > $DIR/serial
21 cp manual.sh p12.sh subject.aaf cfg.pkcs11 p11.sh $DIR
23 if [ "$1" == "" ]; then
24 CN=intermediateCA_$SERIAL
29 SUBJECT="/CN=$CN`cat subject.aaf`"
31 echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
32 echo "Enter the PassPhrase for the Key for $CN: "
37 # Create a regaular rsa encrypted key
38 openssl req -new -newkey rsa:2048 -sha256 -keyout $DIR/private/ca.key \
39 -out $DIR/$CN.csr -outform PEM -subj "$SUBJECT" \
44 chmod 400 $DIR/private/$CN.key
45 openssl req -verify -text -noout -in $DIR/$CN.csr
48 openssl ca -config openssl.conf -extensions v3_intermediate_ca \
50 -cert certs/ca.crt -keyfile private/ca.key -out $DIR/certs/ca.crt \
53 openssl x509 -text -noout -in $DIR/certs/ca.crt
56 openssl verify -CAfile certs/ca.crt $DIR/certs/ca.crt
59 # Create a Signer p12 script
60 echo openssl pkcs12 -export -name aaf_$DIR \
61 -in certs/ca.crt -inkey private/ca.key \
62 -out aaf_$DIR.p12 >> $DIR/signerP12.sh