+#!/bin/bash
+#########
+# ============LICENSE_START====================================================
+# org.onap.aaf
+# ===========================================================================
+# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
+# ===========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END====================================================
+#
#
# Initialize an Intermediate CA Cert.
#
if [ -e intermediate.serial ]; then
((SERIAL=`cat intermediate.serial` + 1))
else
- SERIAL=1
+ SERIAL=$(date +%s)
fi
echo $SERIAL > intermediate.serial
DIR=intermediate_$SERIAL
chmod 700 $DIR/private
chmod 755 $DIR/certs $DIR/newcerts
touch $DIR/index.txt
+echo "unique_subject = no" > $DIR/index.txt.attr
+
if [ ! -e $DIR/serial ]; then
echo '01' > $DIR/serial
fi
$PASSPHRASE
EOF
- chmod 400 $DIR/private/$CN.key
+ chmod 400 $DIR/private/ca.key
openssl req -verify -text -noout -in $DIR/$CN.csr
# Sign it
openssl ca -config openssl.conf -extensions v3_intermediate_ca \
- -cert certs/ca.crt -keyfile private/ca.key -out $DIR/certs/ca.crt \
+ -days 1826 \
+ -cert certs/ca.crt -keyfile private/ca.key -out $DIR/certs/ca.crt \
-infiles $DIR/$CN.csr
- openssl x509 -text -noout -in $DIR/certs/ca.crt
-
+ openssl x509 -text -noout -in $DIR/certs/ca.crt
- openssl verify -CAfile certs/ca.crt $DIR/certs/ca.crt
+ openssl verify -CAfile certs/ca.crt $DIR/certs/ca.crt
# Create a Signer p12 script