Ready to generate new certificates
This commit is contained in:
parent
ac5aa1099e
commit
cc588d51f9
7 changed files with 66 additions and 208 deletions
21
misc/CA.sh
21
misc/CA.sh
|
|
@ -11,7 +11,8 @@ fi
|
|||
CAKEY=./cakey.key
|
||||
CAREQ=./careq.csr
|
||||
CACERT=./cacert.crt
|
||||
DAYS=365
|
||||
|
||||
DAYS=2
|
||||
|
||||
#GREEN="\033[1;32m"
|
||||
#RED="\033[1;31m"
|
||||
|
|
@ -63,7 +64,6 @@ case $1 in
|
|||
echo -e "${GREEN}Making CA key and csr${COLOR_RST}"
|
||||
sed -i 's/=.*#COMMONNAME/= FIC2014 CA #COMMONNAME/' $OPENSSL_CONF
|
||||
sed -i "s/=.*#DIR/= ${ESCAPED} #DIR/" $OPENSSL_CONF
|
||||
sed -i "s/=.*#CERTTYPE/= objsign #CERTTYPE/" $OPENSSL_CONF
|
||||
|
||||
type pwgen > /dev/null
|
||||
if [ $? -ne 0 ]; then
|
||||
|
|
@ -72,10 +72,9 @@ case $1 in
|
|||
fi
|
||||
|
||||
pass=`pwgen -n -B -y 12 1`
|
||||
|
||||
openssl req -batch -new -keyout ${TOP_DIR}/private/${CAKEY} \
|
||||
-out ${TOP_DIR}/${CAREQ} -passout pass:$pass \
|
||||
-config $OPENSSL_CONF > $OUTPUT 2>&1
|
||||
-config $OPENSSL_CONF -extensions CORE_CA > $OUTPUT 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
cat $OUTPUT
|
||||
clean "ca"
|
||||
|
|
@ -94,7 +93,7 @@ case $1 in
|
|||
echo -e "${GREEN}Self signes the CA certificate${COLOR_RST}"
|
||||
openssl ca -batch -create_serial -out ${TOP_DIR}/${CACERT} \
|
||||
-days ${DAYS} -keyfile ${TOP_DIR}/private/${CAKEY} \
|
||||
-selfsign -extensions v3_ca -config ${OPENSSL_CONF} \
|
||||
-selfsign -extensions CORE_CA -config ${OPENSSL_CONF} \
|
||||
-infiles ${TOP_DIR}/${CAREQ} > $OUTPUT 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
cat $OUTPUT
|
||||
|
|
@ -108,17 +107,16 @@ case $1 in
|
|||
echo -e "${RED}Can not found the CA's key${COLOR_RST}"
|
||||
exit 2
|
||||
fi
|
||||
sed -i 's/=.*#COMMONNAME/= FIC2014 Server #COMMONNAME/' $OPENSSL_CONF
|
||||
sed -i "s/=.*#CERTTYPE/= server #CERTTYPE/" $OPENSSL_CONF
|
||||
sed -i 's/=.*#COMMONNAME/=10.226.3.70#COMMONNAME/' $OPENSSL_CONF
|
||||
openssl req -batch -new -keyout server.key -out server.csr \
|
||||
-days ${DAYS} -config ${OPENSSL_CONF} > $OUTPUT 2>&1
|
||||
-days ${DAYS} -config ${OPENSSL_CONF} -extensions SERVER_SSL > $OUTPUT 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
cat $OUTPUT
|
||||
exit 4
|
||||
fi
|
||||
echo -e "${GREEN}Signing the Server crt${COLOR_RST}"
|
||||
openssl ca -policy policy_match -config ${OPENSSL_CONF} \
|
||||
-out server.crt -infiles server.csr > $OUTPUT 2>&1
|
||||
-out server.crt -extensions SERVER_SSL -infiles server.csr
|
||||
if [ $? -ne 0 ]; then
|
||||
echo -e "${RED}Signing failed for new server${COLOR_RST}"
|
||||
rm -rf server.key server.crt server.csr
|
||||
|
|
@ -145,7 +143,6 @@ case $1 in
|
|||
exit 2
|
||||
fi
|
||||
sed -i "s/=.*#COMMONNAME/= $2#COMMONNAME/" $OPENSSL_CONF
|
||||
sed -i "s/=.*#CERTTYPE/= client #CERTTYPE/" $OPENSSL_CONF
|
||||
|
||||
type pwgen > /dev/null
|
||||
if [ $? -ne 0 ]; then
|
||||
|
|
@ -156,7 +153,7 @@ case $1 in
|
|||
pass=`pwgen -n -B -y 12 1`
|
||||
|
||||
openssl req -batch -new -keyout ${TOP_DIR}/${2}.key -out ${TOP_DIR}/${2}.csr \
|
||||
-config ${OPENSSL_CONF} -passout pass:$pass -days ${DAYS} > $OUTPUT 2>&1
|
||||
-config ${OPENSSL_CONF} -passout pass:$pass -days ${DAYS} -extensions CLIENT_SSL > $OUTPUT 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
cat $OUTPUT
|
||||
clean "client" $2
|
||||
|
|
@ -165,7 +162,7 @@ case $1 in
|
|||
|
||||
echo -e "${GREEN}Signing the Client crt${COLOR_RST}"
|
||||
openssl ca -batch -policy policy_match -out ${TOP_DIR}/${2}.crt \
|
||||
-config ${OPENSSL_CONF} -infiles ${TOP_DIR}/${2}.csr > $OUTPUT 2>&1
|
||||
-config ${OPENSSL_CONF} -extensions CLIENT_SSL -infiles ${TOP_DIR}/${2}.csr > $OUTPUT 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
echo -e "${RED}Signing failed for $2 ${COLOR_RST}"
|
||||
cat $OUTPUT
|
||||
|
|
|
|||
Reference in a new issue