X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=conf%2FCA%2FnewIntermediate.sh;h=ebd23eeb669cdb8319b6e0f575569642937707ef;hb=7a1817bf3cf3c40c6c33f673ddc46c3f115cc3bc;hp=88b524b92dcf42173f806b4baa624cb0ef0b589a;hpb=df9e827fa3ec1c7e32b5f5eb7a63a4c11f9da4a7;p=aaf%2Fauthz.git
diff --git a/conf/CA/newIntermediate.sh b/conf/CA/newIntermediate.sh
index 88b524b9..ebd23eeb 100644
--- a/conf/CA/newIntermediate.sh
+++ b/conf/CA/newIntermediate.sh
@@ -1,10 +1,30 @@
+#!/bin/bash
+#########
+# ============LICENSE_START====================================================
+# org.onap.aaf
+# ===========================================================================
+# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
+# ===========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END====================================================
+#
 #
 # Initialize an Intermediate CA Cert.
 #
 if [ -e intermediate.serial ]; then
 ((SERIAL=`cat intermediate.serial` + 1))
 else
- SERIAL=1
+ SERIAL=$(date +%s)
 fi
 echo $SERIAL > intermediate.serial
 DIR=intermediate_$SERIAL
@@ -13,6 +33,8 @@ mkdir -p $DIR/private $DIR/certs $DIR/newcerts
 chmod 700 $DIR/private
 chmod 755 $DIR/certs $DIR/newcerts
 touch $DIR/index.txt
+echo "unique_subject = no" > $DIR/index.txt.attr
+
 if [ ! -e $DIR/serial ]; then
 echo '01' > $DIR/serial
 fi
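Review bot: The `#!/bin/bash` line added in the `@@ -1,10 +1,30 @@` hunk is not followed by any fail-fast setting, so as far as the visible lines show, a failed `mkdir`, `chmod` or `openssl` step would not stop the script from continuing to build the intermediate CA directory. For a script that creates and signs CA key material, I would add `set -e` directly after the license header, and consider `set -o pipefail` once the rest of the script has been checked for commands that are allowed to fail. The same hunk also writes the counter with an unquoted expansion; `echo "$SERIAL" > intermediate.serial` is the safer form. The script body continues outside this hunk, so whether later steps already check their own exit status is not visible here.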
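Review bot: The `unique_subject = no` line added in the `@@ -13,6 +33,8 @@` hunk relaxes a CA database check and is written without any comment explaining why. With this attribute, `openssl ca` will issue a new certificate for a subject that already has a valid entry in `index.txt`, so a superseded certificate stays valid until it is revoked or expires. I would document that above the line, for example `# unique_subject = no: allow re-issuing for an existing subject (renewal overlap); revoke the superseded cert explicitly`, and quote the target as `"$DIR/index.txt.attr"`.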
@@ -39,18 +61,18 @@ echo $SUBJECT $PASSPHRASE EOF - chmod 400 $DIR/private/$CN.key + chmod 400 $DIR/private/ca.key openssl req -verify -text -noout -in $DIR/$CN.csr # Sign it openssl ca -config openssl.conf -extensions v3_intermediate_ca \ - -cert certs/ca.crt -keyfile private/ca.key -out $DIR/certs/ca.crt \ + -days 1826 \ + -cert certs/ca.crt -keyfile private/ca.key -out $DIR/certs/ca.crt \ -infiles $DIR/$CN.csr - openssl x509 -text -noout -in $DIR/certs/ca.crt - + openssl x509 -text -noout -in $DIR/certs/ca.crt - openssl verify -CAfile certs/ca.crt $DIR/certs/ca.crt + openssl verify -CAfile certs/ca.crt $DIR/certs/ca.crt # Create a Signer p12 script
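Review bot: The `chmod 400` target changes from `$DIR/private/$CN.key` to `$DIR/private/ca.key`, but the command that generates the key lies above this hunk and is not touched by any hunk shown, while the CSR is still read from `$DIR/$CN.csr`. If key generation still writes `$CN.key`, the `chmod` fails without stopping the script and the private key keeps whatever mode the umask gave it, protected only by the 700 directory. Please confirm the key path, and consider guarding the step with `[ -f "$DIR/private/ca.key" ] || { echo "missing CA key" >&2; exit 1; }` before the `chmod`. The result of `openssl verify` is likewise not checked in the visible lines, so a failed chain verification would not stop the steps that follow.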