Code Review / aaf / authz.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Merge "Add INFO.yaml file"
[aaf/authz.git] / conf / CA / manual.sh
diff --git a/conf/CA/manual.sh b/conf/CA/manual.sh
index eb39159..00a23ec 100644 (file)
--- a/conf/CA/manual.sh
+++ b/conf/CA/manual.sh
@@ -6,15 +6,37 @@ read FQI
 if [ "$1" = "" -o "$1" = "-local" ]; then 
   echo "Personal Certificate"
   SUBJECT="/CN=$FQI/OU=V1`cat subject.aaf`"
+  NAME=$FQI
 else 
   echo "Application Certificate"
   SUBJECT="/CN=$1/OU=$FQI`cat subject.aaf`"
-  FQI=$1
+  FQDN=$1
+  NAME=$FQDN
   shift
+
+  echo "Enter any SANS, delimited by spaces: "
+  read SANS
+fi
+
+# Do SANs
+if [ "$SANS" = "" ]; then
+   echo no SANS
+    if [ -e $NAME.san ]; then 
+      rm $NAME.san
+    fi
+  else
+   echo some SANS
+    cp ../san.conf $NAME.san
+    NUM=1
+    for D in $SANS; do 
+        echo "DNS.$NUM = $D" >> $NAME.san
+       NUM=$((NUM+1))
+    done
 fi
+
 echo $SUBJECT
 
-if [ -e $FQI.csr ]; then
+if [ -e $NAME.csr ]; then
   SIGN_IT=true
 else 
   if [ "$1" = "-local" ]; then
@@ -25,32 +47,38 @@ else
        `stty echo`
  
        # remove any previous Private key
-       rm private/$FQI.key
+       rm private/$NAME.key
        # Create j regaular rsa encrypted key
-       openssl req -new -newkey rsa:2048 -sha256 -keyout private/$FQI.key \
-         -out $FQI.csr -outform PEM -subj "$SUBJECT" \
+       openssl req -new -newkey rsa:2048 -sha256 -keyout private/$NAME.key \
+         -out $NAME.csr -outform PEM -subj "$SUBJECT" \
          -passout stdin  << EOF
 $PASSPHRASE
 EOF
-       chmod 400 private/$FQI.key 
+       chmod 400 private/$NAME.key 
        SIGN_IT=true
   else 
-       echo openssl req -newkey rsa:2048 -sha256 -keyout $FQI.key -out $FQI.csr -outform PEM -subj '"'$SUBJECT'"'
-       echo chmod 400 $FQI.key
+       echo openssl req -newkey rsa:2048 -sha256 -keyout $NAME.key -out $NAME.csr -outform PEM -subj '"'$SUBJECT'"'
+       echo chmod 400 $NAME.key
        echo "# All done, print result"
-       echo openssl req -verify -text -noout -in $FQI.csr
+       echo openssl req -verify -text -noout -in $NAME.csr
   fi
 fi
 
 if [ "$SIGN_IT" = "true" ]; then
   # Sign it
-  openssl ca -config ../openssl.conf -extensions server_cert -out $FQI.crt \
+  if [ -e $NAME.san ]; then
+    openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \
+       -cert certs/ca.crt -keyfile private/ca.key \
+       -policy policy_loose \
+       -days 360 \
+       -extfile $NAME.san \
+       -infiles $NAME.csr
+  else 
+    openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \
        -cert certs/ca.crt -keyfile private/ca.key \
        -policy policy_loose \
        -days 360 \
-       -infiles $FQI.csr
+       -infiles $NAME.csr
+  fi
 fi
 
-
-
-
ARCHIVED- 2022-02-15 at the request of the project