Code Review / aaf / authz.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Create Helm Instantiation
[aaf/authz.git] / conf / CA / bootstrap.sh
diff --git a/conf/CA/bootstrap.sh b/conf/CA/bootstrap.sh
index 20093ee..6d4e1aa 100644 (file)
--- a/conf/CA/bootstrap.sh
+++ b/conf/CA/bootstrap.sh
@@ -8,9 +8,12 @@ chmod 700 private
 chmod 755 certs newcerts
 touch index.txt
 echo "unique_subject = no" > index.txt.attr
+if [ ! -e ./serial ]; then
+  echo $(date +%s) > ./serial
+fi
 
 NAME=aaf.bootstrap
-FQDN=$(hostname -f)
+FQDN="${HOSTNAME:=$(hostname -f)}"
 FQI=aaf@aaf.osaaf.org
 SUBJECT="/CN=$FQDN/OU=$FQI`cat subject.aaf`"
 SIGNER_P12=$1
@@ -26,6 +29,7 @@ BOOTSTRAP_CSR=/tmp/$NAME.csr
 BOOTSTRAP_CRT=/tmp/$NAME.crt
 BOOTSTRAP_CHAIN=/tmp/$NAME.chain
 BOOTSTRAP_P12=$NAME.p12
+BOOTSTRAP_ISSUER=$NAME.issuer
 
 
 # If Signer doesn't exist, create Self-Signed CA
@@ -77,7 +81,7 @@ echo Sign it
 openssl ca -batch -config openssl.conf -extensions server_cert \
        -cert $SIGNER_CRT -keyfile $SIGNER_KEY \
        -policy policy_loose \
-       -days 90 \
+       -days 365 \
        -passin stdin \
        -out $BOOTSTRAP_CRT \
        -extfile $BOOTSTRAP_SAN \
@@ -90,13 +94,25 @@ EOF
 cat $BOOTSTRAP_CRT
 cp $BOOTSTRAP_CRT $BOOTSTRAP_CHAIN
 cat $SIGNER_CRT >> $BOOTSTRAP_CHAIN
+cat $BOOTSTRAP_CHAIN
 
 # Note: Openssl will pickup and load all Certs in the Chain file
+#openssl pkcs12 -name $FQI -export -in $BOOTSTRAP_CRT -inkey $BOOTSTRAP_KEY -CAfile $SIGNER_CRT -out $BOOTSTRAP_P12 -passin stdin -passout stdin << EOF
 openssl pkcs12 -name $FQI -export -in $BOOTSTRAP_CHAIN -inkey $BOOTSTRAP_KEY -out $BOOTSTRAP_P12 -passin stdin -passout stdin << EOF
 $PASSPHRASE
 $PASSPHRASE
 $PASSPHRASE
 EOF
 
+# Make Issuer name
+ISSUER=$(openssl x509 -subject -noout -in $SIGNER_CRT | cut -c 10-)
+for I in ${ISSUER//\// }; do
+  if [ -n "$CADI_X509_ISSUER" ]; then
+    CADI_X509_ISSUER=", $CADI_X509_ISSUER"
+  fi
+  CADI_X509_ISSUER="$I$CADI_X509_ISSUER"
+done
+echo $CADI_X509_ISSUER > $BOOTSTRAP_ISSUER
+
 # Cleanup
-rm -f $BOOTSTRAP_SAN $BOOTSTRAP_KEY $BOOTSTRAP_CSR $BOOTSTRAP_CRT $BOOTSTRAP_CHAIN $SIGNER_KEY $SIGNER_CRT 
+rm -f $BOOTSTRAP_SAN $BOOTSTRAP_KEY $BOOTSTRAP_CSR $BOOTSTRAP_CRT $SIGNER_KEY $SIGNER_CRT $BOOTSTRAP_CHAIN
ARCHIVED- 2022-02-15 at the request of the project