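#!/bin/bash
#
# Only ever needs to be run ONCE.
# Kept here as a reference as to how it was done.

# Stop at the first failed command, unset variable or failed pipeline stage,
# so a failed openssl step is never followed by a "Generated:" message.
set -euo pipefail

# Base name shared by every file this script writes (.cnf, .key, .crt).
readonly ROOTCA=VixPulseManifestRootCA
# Written into the generated OpenSSL config as FQDN, which that config uses
# as the certificate's CN.
readonly ROOT_FQDN=Vix.Pulse.Manifest.RootCA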
# Write the OpenSSL config consumed by the `openssl req -x509` call that
# creates the root certificate.
#
# The here-document is unquoted on purpose: ${ROOT_FQDN} is expanded by the
# shell now, while \$ORGNAME and \$FQDN are escaped so they reach the file as
# literal $ORGNAME / $FQDN for OpenSSL to expand from the config's own
# variables.
#
# NOTE(review): basicConstraints and keyUsage are emitted without the
# "critical" flag, and keyUsage also grants digitalSignature and
# keyEncipherment, which a CA that only signs certificates and CRLs does not
# need. RFC 5280 expects basicConstraints to be critical on CA certificates.
# Left as-is because this file records how the existing root was produced;
# tighten it if a new root is ever cut.
cat > "${ROOTCA}.cnf" << EOF
# OpenSSL configuration file for creating a CSR for a server certificate

# the fully qualified server (or service) name
FQDN = ${ROOT_FQDN}

# the name of your organization
ORGNAME = Vix Technology

# --- no modifications required below ---
[ req ]
default_bits = 2048
default_md = sha256
prompt = no
encrypt_key = no

distinguished_name = dn
req_extensions = req_ext
x509_extensions = x509_ext

[ x509_ext ]
basicConstraints = CA:TRUE
keyUsage = digitalSignature, keyEncipherment , cRLSign , keyCertSign

[ dn ]
C = AU
O = \$ORGNAME
CN = \$FQDN

[ req_ext ]

EOF
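echo "Generate ROOT CA"

# The key created here is the trust anchor. A second run would silently
# replace it, and certificates issued under the previous key would no longer
# chain to the new root, so refuse to overwrite existing output.
for existing in "${ROOTCA}.key" "${ROOTCA}.crt"; do
  if [[ -e "${existing}" ]]; then
    echo "Refusing to overwrite existing ${existing}" >&2
    exit 1
  fi
done

# Create the private key with owner-only permissions. The umask is set in a
# subshell so the certificate written afterwards keeps the caller's default
# mode.
# NOTE(review): genrsa is given no cipher option, so the CA private key is
# stored unencrypted; file permissions and storage location are its only
# protection. Move it to offline or hardware-backed storage after use.
# stderr is discarded to hide genrsa's progress output, so report failure here.
if ! (umask 077 && openssl genrsa -out "${ROOTCA}.key" 2048 2> /dev/null); then
  echo "openssl genrsa failed for ${ROOTCA}.key" >&2
  exit 1
fi

# Self-sign the root certificate from the key above, using the generated config.
# NOTE(review): a 2048-bit RSA key is paired with a 36500-day (~100 year)
# validity. Left unchanged because this records how the existing root was
# made; use a larger key or a shorter lifetime if a new root is ever issued.
# -nodes has no effect here: the key comes from -key, none is generated.
openssl req -x509 -new -nodes -key "${ROOTCA}.key" -sha256 -days 36500 \
  -out "${ROOTCA}.crt" -config "${ROOTCA}.cnf"

# Sanity check only: verifying a self-signed certificate against itself shows
# that it parses and that its signature matches its own key, nothing more.
openssl verify -CAfile "${ROOTCA}.crt" "${ROOTCA}.crt"

echo "Generated: ${ROOTCA}.key"
echo "Generated: ${ROOTCA}.crt FQDN: (${ROOT_FQDN})"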
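# Clear leftover public-key, serial and CSR files from the current directory.
# Nothing visible in this script creates them; presumably they come from
# related signing steps run in the same directory (confirm against callers).
# The globs match EVERY such file in the working directory, so run this only
# from the dedicated CA directory.
# The ./ prefix and -- stop a file name beginning with '-' from being parsed
# as an rm option.
rm -f -- ./*.pubkey ./*.srl ./*.csr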