conf/CA/manual.sh

   1 #
   2 # Initialize a manual Cert.  This is NOT entered in Certman Records
   3 #
   4 echo "FQI (Fully Qualified Identity): "
   5 read FQI
   6 if [ "$1" = "" -o "$1" = "-local" ]; then
   7   echo "Personal Certificate"
   8   SUBJECT="/CN=$FQI/OU=V1`cat subject.aaf`"
   9 else
  10   echo "Application Certificate"
  11   SUBJECT="/CN=$1/OU=$FQI`cat subject.aaf`"
  12   FQI=$1
  13   shift
  14 fi
  15 echo $SUBJECT
  16
  17 if [ -e $FQI.csr ]; then
  18   SIGN_IT=true
  19 else
  20   if [ "$1" = "-local" ]; then
  21         echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
  22         echo "Enter the PassPhrase for the Key for $FQI: "
  23         `stty -echo`
  24         read PASSPHRASE
  25         `stty echo`
  26
  27         # remove any previous Private key
  28         rm private/$FQI.key
  29         # Create j regaular rsa encrypted key
  30         openssl req -new -newkey rsa:2048 -sha256 -keyout private/$FQI.key \
  31           -out $FQI.csr -outform PEM -subj "$SUBJECT" \
  32           -passout stdin  << EOF
  33 $PASSPHRASE
  34 EOF
  35         chmod 400 private/$FQI.key
  36         SIGN_IT=true
  37   else
  38         echo openssl req -newkey rsa:2048 -sha256 -keyout $FQI.key -out $FQI.csr -outform PEM -subj '"'$SUBJECT'"'
  39         echo chmod 400 $FQI.key
  40         echo "# All done, print result"
  41         echo openssl req -verify -text -noout -in $FQI.csr
  42   fi
  43 fi
  44
  45 if [ "$SIGN_IT" = "true" ]; then
  46   # Sign it
  47   openssl ca -config ../openssl.conf -extensions server_cert -out $FQI.crt \
  48         -cert certs/ca.crt -keyfile private/ca.key \
  49         -policy policy_loose \
  50         -days 360 \
  51         -infiles $FQI.csr
  52 fi
  53
  54
  55
  56