Rev 6930 | Blame | Compare with Previous | Last modification | View Log | RSS feed
#! /bin/bash## Only every needs to be run ONCE# Here as a reference as to how it wa doneROOTCA=VixPulseManifestRootCAROOT_FQDN=Vix.Pulse.Manifest.RootCA# Generate a config file for creating the csr (cert signing Request)cat << EOF > ${ROOTCA}.cnf# OpenSSL configuration file for creating a CSR for a server certificate# the fully qualified server (or service) nameFQDN = ${ROOT_FQDN}# the name of your organizationORGNAME = Vix Technology# --- no modifications required below ---[ req ]default_bits = 2048default_md = sha256prompt = noencrypt_key = nodistinguished_name = dnreq_extensions = req_extx509_extensions = x509_ext[ x509_ext ]basicConstraints = CA:TRUEkeyUsage = digitalSignature, keyEncipherment , cRLSign , keyCertSign[ dn ]C = AUO = \$ORGNAMECN = \$FQDN[ req_ext ]EOFecho "Generate ROOT CA"openssl genrsa -out ${ROOTCA}.key 2048 2> /dev/nullopenssl req -x509 -new -nodes -key ${ROOTCA}.key -sha256 -days 36500 -out ${ROOTCA}.crt -config ${ROOTCA}.cnfopenssl verify -CAfile ${ROOTCA}.crt ${ROOTCA}.crtecho Generated: ${ROOTCA}.keyecho Generated: ${ROOTCA}.crt FQDN: \(${ROOT_FQDN}\)rm -f *.pubkeyrm -f *.srlrm -f *.csr