if [ "$1" = "" -o "$1" = "-local" ]; then
echo "Personal Certificate"
SUBJECT="/CN=$FQI/OU=V1`cat subject.aaf`"
+ NAME=$FQI
else
echo "Application Certificate"
SUBJECT="/CN=$1/OU=$FQI`cat subject.aaf`"
- FQI=$1
+ FQDN=$1
+ NAME=$FQDN
shift
fi
echo $SUBJECT
`stty echo`
# remove any previous Private key
- rm private/$FQI.key
+ rm private/$NAME.key
# Create j regaular rsa encrypted key
- openssl req -new -newkey rsa:2048 -sha256 -keyout private/$FQI.key \
- -out $FQI.csr -outform PEM -subj "$SUBJECT" \
+ openssl req -new -newkey rsa:2048 -sha256 -keyout private/$NAME.key \
+ -out $NAME.csr -outform PEM -subj "$SUBJECT" \
-passout stdin << EOF
$PASSPHRASE
EOF
- chmod 400 private/$FQI.key
+ chmod 400 private/$NAME.key
SIGN_IT=true
else
- echo openssl req -newkey rsa:2048 -sha256 -keyout $FQI.key -out $FQI.csr -outform PEM -subj '"'$SUBJECT'"'
- echo chmod 400 $FQI.key
+ echo openssl req -newkey rsa:2048 -sha256 -keyout $NAME.key -out $NAME.csr -outform PEM -subj '"'$SUBJECT'"'
+ echo chmod 400 $NAME.key
echo "# All done, print result"
- echo openssl req -verify -text -noout -in $FQI.csr
+ echo openssl req -verify -text -noout -in $NAME.csr
fi
fi
if [ "$SIGN_IT" = "true" ]; then
# Sign it
- openssl ca -config ../openssl.conf -extensions server_cert -out $FQI.crt \
+ openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \
-cert certs/ca.crt -keyfile private/ca.key \
-policy policy_loose \
-days 360 \
- -infiles $FQI.csr
+ -infiles $NAME.csr
fi
Code Review / aaf / authz.git / blobdiff