#!/bin/sh
# Based on a template by BASH3 Boilerplate v2.3.0
# http://bash3boilerplate.sh/#authors
#
# The MIT License (MIT)
# Copyright (c) 2013 Kevin van Zonneveld and contributors
# You are not obligated to bundle the LICENSE file with your b3bp projects as long
# as you leave these references intact in the header comments of your source files.
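# Initialise a new certificate authority under pki/ca: directory layout,
# passphrase-protected RSA key and a self-signed CA certificate.

# Exit on error. Append "|| true" if you expect an error.
set -o errexit
# Do not allow use of undefined vars. Use ${VAR:-} to use an undefined VAR
set -o nounset

# Change to the script's own directory *before* sourcing SETTINGS, so the file
# that gets executed is the one shipped next to this script and not whatever
# ./SETTINGS happens to exist in the caller's working directory.
cd "$(dirname "$0")"
. ./SETTINGS

# HOSTNAME goes into the CA subject below. A POSIX sh does not set it by
# itself; presumably SETTINGS or the environment provides it (verify).
# Checking here fails before anything is created, instead of aborting on
# nounset after the key has already been written.
: "${HOSTNAME:?HOSTNAME must be set (in SETTINGS or the environment)}"

if [ -d "pki/ca" ]; then
  echo "CA does already exist." >&2
  exit 1
fi

# NOTE: if a later step fails, pki/ca is left behind partially populated and
# the check above refuses a re-run until the directory is removed by hand.
mkdir pki/ca
cd pki/ca

# Working files and directories for the CA.
mkdir certs crl newcerts
touch index.txt
# Create the key directory with its final mode in one step, so it is never
# visible with the default (umask-derived) permissions.
mkdir -m 0700 private
echo 01 > serial

# Generate the AES-256 encrypted CA key (openssl prompts for the passphrase).
# The tight umask is limited to this subshell so that only the key file is
# affected; certificates created below keep the caller's umask.
(
  umask 077
  openssl genrsa \
    -aes256 \
    -out private/cakey.pem 4096
)

# Self-signed CA certificate, valid for 7300 days, signed with SHA-256.
openssl req \
  -days 7300 \
  -sha256 \
  -new \
  -x509 \
  -key private/cakey.pem \
  -out cacert.pem \
  -config ../openssl.cnf \
  -subj "/CN=CA for $HOSTNAME"

echo "Created CA Certificate:"
openssl x509 -noout \
  -text \
  -in cacert.pem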