Commit 8465f797 authored by Raymond Kristiansen's avatar Raymond Kristiansen

Automate bootstrap with use of passfile

parent 08dbd7f0
#!/bin/bash
if [ ! -f "./passfile" ]; then
echo "Please create a file called ./passfile with a secure password"
exit 1
fi
mkdir -p certs crl newcerts private
chmod 700 private
touch index.txt
echo 1000 > serial
openssl genrsa -aes256 -out private/ca.key.pem 4096
openssl genrsa -aes256 -passout file:passfile -out private/ca.key.pem 4096
chmod 400 private/ca.key.pem
openssl req -config openssl.cnf \
-key private/ca.key.pem \
-key private/ca.key.pem -passin file:passfile -batch \
-new -x509 -days 7300 -sha256 -extensions v3_ca \
-out certs/ca.cert.pem
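Review bot: The guard at the top only tests that `./passfile` exists; nothing in the visible lines checks or tightens its permissions, although it now holds the passphrase for the root CA key and sits in the same tree as `private/ca.key.pem`. Anyone who can read the working directory gets both the encrypted key and what unlocks it, so `-aes256` protects little while that file is in place. I would add `umask 077` near the top and `chmod 600 passfile` right after the existence check, plus a comment such as `# passfile holds the CA key passphrase: move it offline or delete it once bootstrap is done`. The intermediate script has the same guard and the same gap. The script appears to continue past the visible lines.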
......
#!/bin/bash
if [ ! -f "./passfile" ]; then
echo "Please create a file called ./passfile with a secure password"
exit 1
fi
# Generate intermediate key
openssl genrsa -aes256 \
openssl genrsa -aes256 -passout file:passfile \
-out intermediate/private/intermediate.key.pem 4096
chmod 400 intermediate/private/intermediate.key.pem
# Generate intermediate cert request
openssl req -config intermediate/openssl.cnf -new -sha256 \
-passin file:passfile \
-key intermediate/private/intermediate.key.pem \
-out intermediate/csr/intermediate.csr.pem
# Sign with root ca
openssl ca -config openssl.cnf -extensions v3_intermediate_ca \
-days 3650 -notext -md sha256 \
-days 3650 -notext -md sha256 -passin file:passfile \
-in intermediate/csr/intermediate.csr.pem \
-out intermediate/certs/intermediate.cert.pem
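Review bot: The same `passfile` is given as `-passout` for the new intermediate key and as `-passin` for the root CA key in the `openssl ca` step, so both keys end up protected by one passphrase kept in one file. That removes the separation a root/intermediate split is meant to provide: whoever obtains the file used for day-to-day intermediate signing can also unlock the root key. I would read the intermediate passphrase from its own file and keep the root one only for the `openssl ca` call. Separately, unlike the root script, neither `openssl req` nor `openssl ca` here gets `-batch`, so the run will presumably still stop for the subject fields and the signing confirmation.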
......
......@@ -74,19 +74,14 @@ x509_extensions = v3_ca
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name
localityName = Locality Name
0.organizationName = Organization Name
organizationalUnitName = Organizational Unit Name
commonName = Common Name
emailAddress = Email Address
# Optionally, specify some defaults.
countryName_default = NO
stateOrProvinceName_default = Norway
localityName_default =
0.organizationName_default = UH-IaaS
organizationalUnitName_default =
emailAddress_default =
commonName_default = Intermediate CA
[ v3_ca ]
# Extensions for a typical CA (`man x509v3_config`).
......
......@@ -72,19 +72,14 @@ x509_extensions = v3_ca
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name
localityName = Locality Name
0.organizationName = Organization Name
organizationalUnitName = Organizational Unit Name
commonName = Common Name
emailAddress = Email Address
# Optionally, specify some defaults.
countryName_default = NO
stateOrProvinceName_default = Norway
localityName_default =
0.organizationName_default = UH-IaaS
organizationalUnitName_default =
emailAddress_default =
commonName_default = Root CA
[ v3_ca ]
# Extensions for a typical CA (`man x509v3_config`).
......