CA.sh: Add a Master CA
This commit is contained in:
parent
ebb0cabf9a
commit
6f260045fa
71
misc/CA.sh
71
misc/CA.sh
@ -11,17 +11,21 @@ fi
|
|||||||
CAKEY=./cakey.key
|
CAKEY=./cakey.key
|
||||||
CAREQ=./careq.csr
|
CAREQ=./careq.csr
|
||||||
CACERT=./cacert.crt
|
CACERT=./cacert.crt
|
||||||
|
MASTERKEY=./master.key
|
||||||
|
MASTEREQ=./master.csr
|
||||||
|
MASTERCERT=./master.crt
|
||||||
|
|
||||||
DAYS=365
|
DAYS=365
|
||||||
|
|
||||||
#GREEN="\033[1;32m"
|
GREEN="\033[1;32m"
|
||||||
#RED="\033[1;31m"
|
RED="\033[1;31m"
|
||||||
#COLOR_RST="\033[0m"
|
COLOR_RST="\033[0m"
|
||||||
|
|
||||||
GREEN="<font color=green>"
|
#GREEN="<font color=green>"
|
||||||
RED="<font color=red>"
|
#RED="<font color=red>"
|
||||||
COLOR_RST="</font>"
|
#COLOR_RST="</font>"
|
||||||
BOLD="<b>"
|
#BOLD="<b>"
|
||||||
END_BOLD="</b>"
|
#END_BOLD="</b>"
|
||||||
|
|
||||||
usage()
|
usage()
|
||||||
{
|
{
|
||||||
@ -61,7 +65,7 @@ case $1 in
|
|||||||
ESCAPED=$(echo "${TOP_DIR}" | sed 's/[\/\.]/\\&/g')
|
ESCAPED=$(echo "${TOP_DIR}" | sed 's/[\/\.]/\\&/g')
|
||||||
|
|
||||||
echo -e "${GREEN}Making CA key and csr${COLOR_RST}"
|
echo -e "${GREEN}Making CA key and csr${COLOR_RST}"
|
||||||
sed -i 's/=.*#COMMONNAME/= FIC2014 CA #COMMONNAME/' $OPENSSL_CONF
|
sed -i 's/=.*#COMMONNAME/= FIC2014 MASTER #COMMONNAME/' $OPENSSL_CONF
|
||||||
sed -i "s/=.*#DIR/= ${ESCAPED} #DIR/" $OPENSSL_CONF
|
sed -i "s/=.*#DIR/= ${ESCAPED} #DIR/" $OPENSSL_CONF
|
||||||
sed -i "s/=.*#CERTTYPE/= objsign #CERTTYPE/" $OPENSSL_CONF
|
sed -i "s/=.*#CERTTYPE/= objsign #CERTTYPE/" $OPENSSL_CONF
|
||||||
|
|
||||||
@ -71,8 +75,36 @@ case $1 in
|
|||||||
exit 5
|
exit 5
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# MASTER CA
|
||||||
|
sed -i 's/cacert\.crt/master\.crt/' $OPENSSL_CONF
|
||||||
|
sed -i 's/cakey\.key/master\.key/' $OPENSSL_CONF
|
||||||
pass=`pwgen -n -B -y 12 1`
|
pass=`pwgen -n -B -y 12 1`
|
||||||
|
echo "Master pass: " $pass
|
||||||
|
openssl req -batch -new -keyout ${TOP_DIR}/private/${MASTERKEY} \
|
||||||
|
-out ${TOP_DIR}/${MASTEREQ} -passout pass:$pass \
|
||||||
|
-config $OPENSSL_CONF > $OUTPUT 2>&1
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
cat $OUTPUT
|
||||||
|
clean "ca"
|
||||||
|
exit 4
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo -e "${GREEN}Self signes the MASTER certificate${COLOR_RST}"
|
||||||
|
openssl ca -batch -create_serial -out ${TOP_DIR}/${MASTERCERT} \
|
||||||
|
-days ${DAYS} -keyfile ${TOP_DIR}/private/${MASTERKEY} \
|
||||||
|
-selfsign -extensions v3_ca -config ${OPENSSL_CONF} \
|
||||||
|
-infiles ${TOP_DIR}/${MASTEREQ} > $OUTPUT 2>&1
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
cat $OUTPUT
|
||||||
|
clean "ca"
|
||||||
|
exit 4
|
||||||
|
fi
|
||||||
|
|
||||||
|
sed -i 's/=.*#COMMONNAME/= FIC2014 CA #COMMONNAME/' $OPENSSL_CONF
|
||||||
|
echo -e "${GREEN}Generate CA certificate${COLOR_RST}"
|
||||||
|
|
||||||
|
pass=`pwgen -n -B -y 12 1`
|
||||||
|
echo "CA pass: " $pass
|
||||||
openssl req -batch -new -keyout ${TOP_DIR}/private/${CAKEY} \
|
openssl req -batch -new -keyout ${TOP_DIR}/private/${CAKEY} \
|
||||||
-out ${TOP_DIR}/${CAREQ} -passout pass:$pass \
|
-out ${TOP_DIR}/${CAREQ} -passout pass:$pass \
|
||||||
-config $OPENSSL_CONF > $OUTPUT 2>&1
|
-config $OPENSSL_CONF > $OUTPUT 2>&1
|
||||||
@ -90,17 +122,20 @@ case $1 in
|
|||||||
clean "ca"
|
clean "ca"
|
||||||
exit 4
|
exit 4
|
||||||
fi
|
fi
|
||||||
|
echo -e "${GREEN}Signing CA crt by Master${COLOR_RST}"
|
||||||
echo -e "${GREEN}Self signes the CA certificate${COLOR_RST}"
|
openssl ca -policy policy_match -config ${OPENSSL_CONF} \
|
||||||
openssl ca -batch -create_serial -out ${TOP_DIR}/${CACERT} \
|
-out ${TOP_DIR}/${CACERT} -infiles ${TOP_DIR}/${CAREQ}
|
||||||
-days ${DAYS} -keyfile ${TOP_DIR}/private/${CAKEY} \
|
|
||||||
-selfsign -extensions v3_ca -config ${OPENSSL_CONF} \
|
|
||||||
-infiles ${TOP_DIR}/${CAREQ} > $OUTPUT 2>&1
|
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
|
echo -e "${RED}Signing failed for CA${COLOR_RST}"
|
||||||
|
rm -rf ${TOP_DIR}/${CACERT} ${TOP_DIR}/${CAKEY} ${TOP_DIR}/${CAREQ}
|
||||||
cat $OUTPUT
|
cat $OUTPUT
|
||||||
clean "ca"
|
sed -i 's/master\.crt/cacert\.crt/' $OPENSSL_CONF
|
||||||
|
sed -i 's/master\.key/cakey\.key/' $OPENSSL_CONF
|
||||||
exit 4
|
exit 4
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
sed -i 's/master\.crt/cacert\.crt/' $OPENSSL_CONF
|
||||||
|
sed -i 's/master\.key/cakey\.key/' $OPENSSL_CONF
|
||||||
;;
|
;;
|
||||||
"-newserver" )
|
"-newserver" )
|
||||||
echo -e "${GREEN}Making the Server key and cert${COLOR_RST}"
|
echo -e "${GREEN}Making the Server key and cert${COLOR_RST}"
|
||||||
@ -108,7 +143,7 @@ case $1 in
|
|||||||
echo -e "${RED}Can not found the CA's key${COLOR_RST}"
|
echo -e "${RED}Can not found the CA's key${COLOR_RST}"
|
||||||
exit 2
|
exit 2
|
||||||
fi
|
fi
|
||||||
sed -i 's/=.*#COMMONNAME/= FIC2014 Server #COMMONNAME/' $OPENSSL_CONF
|
sed -i 's/=.*#COMMONNAME/= srs.epita.fr #COMMONNAME/' $OPENSSL_CONF
|
||||||
sed -i "s/=.*#CERTTYPE/= server #CERTTYPE/" $OPENSSL_CONF
|
sed -i "s/=.*#CERTTYPE/= server #CERTTYPE/" $OPENSSL_CONF
|
||||||
openssl req -batch -new -keyout server.key -out server.csr \
|
openssl req -batch -new -keyout server.key -out server.csr \
|
||||||
-days ${DAYS} -config ${OPENSSL_CONF} > $OUTPUT 2>&1
|
-days ${DAYS} -config ${OPENSSL_CONF} > $OUTPUT 2>&1
|
||||||
@ -118,7 +153,7 @@ case $1 in
|
|||||||
fi
|
fi
|
||||||
echo -e "${GREEN}Signing the Server crt${COLOR_RST}"
|
echo -e "${GREEN}Signing the Server crt${COLOR_RST}"
|
||||||
openssl ca -policy policy_match -config ${OPENSSL_CONF} \
|
openssl ca -policy policy_match -config ${OPENSSL_CONF} \
|
||||||
-out server.crt -infiles server.csr > $OUTPUT 2>&1
|
-out server.crt -infiles server.csr
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo -e "${RED}Signing failed for new server${COLOR_RST}"
|
echo -e "${RED}Signing failed for new server${COLOR_RST}"
|
||||||
rm -rf server.key server.crt server.csr
|
rm -rf server.key server.crt server.csr
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user