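#
# Initialize a manual Cert.  This is NOT entered in Certman Records
#
# Usage (run from the CA directory that holds subject.aaf, private/ and certs/):
#   manual.sh               Personal cert: print the openssl commands to run
#   manual.sh -local        Personal cert: create key + CSR here, then sign
#   manual.sh FQDN          Application cert: print the openssl commands
#   manual.sh FQDN -local   Application cert: create key + CSR here, then sign
# If "$FQI.csr" already exists, no key is created and the signing step runs.
#

# Print a message on stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# check_name LABEL VALUE
# The value is pasted into the -subj string (where '/' starts a new RDN) and
# into file names (where '/' changes directory and a leading '-' would be read
# as an option), so refuse those shapes instead of signing a surprising subject
# or writing outside private/.
check_name() {
  case "$2" in
    '') die "$1 must not be empty" ;;
    -*) die "$1 must not start with '-': $2" ;;
    */*) die "$1 must not contain '/': $2" ;;
  esac
}

echo "FQI (Fully Qualified Identity): "
# -r keeps backslashes as typed.
read -r FQI
check_name "FQI" "$FQI"

# Common subject suffix shared by every certificate; a missing file would
# otherwise silently produce a truncated subject.
SUBJECT_SUFFIX=$(cat subject.aaf) || die "cannot read subject.aaf"

if [ -z "$1" ] || [ "$1" = "-local" ]; then
  echo "Personal Certificate"
  SUBJECT="/CN=$FQI/OU=V1$SUBJECT_SUFFIX"
  NAME=$FQI
else
  echo "Application Certificate"
  check_name "FQDN" "$1"
  SUBJECT="/CN=$1/OU=$FQI$SUBJECT_SUFFIX"
  FQDN=$1
  NAME=$FQDN
  # Drop the FQDN so that "$1" is the optional -local flag from here on.
  shift
fi
printf '%s\n' "$SUBJECT"

# Set explicitly so a SIGN_IT value inherited from the environment cannot
# trigger the signing step.
SIGN_IT=false

# NOTE(review): the lookup uses "$FQI.csr" while the signing step reads
# "$NAME.csr"; the two differ for application certificates -- confirm which
# name is intended.
if [ -e "$FQI.csr" ]; then
  SIGN_IT=true
elif [ "$1" = "-local" ]; then
  echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
  echo "Enter the PassPhrase for the Key for $FQI: "
  # Turn terminal echo back on if the prompt is interrupted.
  trap 'stty echo; exit 1' HUP INT TERM
  stty -echo
  read -r PASSPHRASE
  stty echo
  trap - HUP INT TERM

  # remove any previous Private key (-f: no error when there is none)
  rm -f "private/$NAME.key"

  # Create a regular RSA encrypted key.
  # umask 077 keeps the new key file unreadable by other users before the
  # chmod below (the CSR is created owner-only as well).  The passphrase is
  # piped from the printf builtin: it stays off the command line, and it is not
  # staged in a temporary file as a here-document can be in some shells.
  old_umask=$(umask)
  umask 077
  printf '%s\n' "$PASSPHRASE" | openssl req -new -newkey rsa:2048 -sha256 \
    -keyout "private/$NAME.key" \
    -out "$NAME.csr" -outform PEM -subj "$SUBJECT" \
    -passout stdin
  req_status=$?
  umask "$old_umask"
  unset PASSPHRASE

  # Never sign a leftover or partial CSR after a failed request.
  [ "$req_status" -eq 0 ] || die "openssl req failed; nothing was signed"
  chmod 400 "private/$NAME.key" || die "cannot restrict private/$NAME.key"
  SIGN_IT=true
else
  # Not local: only print the commands for the requester to run on their own
  # machine, so the private key never reaches the CA host.
  printf '%s\n' "openssl req -newkey rsa:2048 -sha256 -keyout $NAME.key -out $NAME.csr -outform PEM -subj \"$SUBJECT\""
  printf '%s\n' "chmod 400 $NAME.key"
  echo "# All done, print result"
  printf '%s\n' "openssl req -verify -text -noout -in $NAME.csr"
fi

if [ "$SIGN_IT" = "true" ]; then
  # Sign it.  -batch is not passed, so openssl ca shows the request and asks
  # for confirmation; check the subject there before accepting.
  openssl ca -config ../openssl.conf -extensions server_cert -out "$NAME.crt" \
    -cert certs/ca.crt -keyfile private/ca.key \
    -policy policy_loose \
    -days 360 \
    -infiles "$NAME.csr"
fi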