|
1
|
#!/bin/bash -e
|
|
2
|
|
|
3
|
tmp=/tmp/make-chained-cert.$$
|
|
4
|
trap 'echo; tput bel; echo FAILURE; rm -rf "${tmp}"; exit 1' EXIT INT TERM QUIT
|
|
5
|
mkdir -p "${tmp}/demoCA/newcerts"
|
|
6
|
printf '%08x' $$ >"${tmp}/demoCA/serial"
|
|
7
|
touch "${tmp}/demoCA/index.txt"
|
|
8
|
cd "${tmp}"
|
|
9
|
|
|
10
|
openssl req -nodes -new -x509 -keyout "${tmp}/ca-key.pem" \
|
|
11
|
-out "${tmp}/ca-cert.pem" -days 7300 \
|
|
12
|
-subj "/CN=Demo CA/" 2>/dev/null
|
|
13
|
|
|
14
|
openssl x509 -in "${tmp}/ca-cert.pem" -out "${tmp}/ca-cert.crt" 2>/dev/null
|
|
15
|
|
|
16
|
openssl req -nodes -new -keyout /dev/stdout \
|
|
17
|
-out "${tmp}/ssl-req.pem" -days 7300 -subj "/CN=$(hostname -f)/" \
|
|
18
|
2>/dev/null | cat
|
|
19
|
|
|
20
|
openssl ca -batch -keyfile "${tmp}/ca-key.pem" -cert "${tmp}/ca-cert.crt" \
|
|
21
|
-notext -policy policy_anything -days 7300 -out /dev/stdout \
|
|
22
|
-infiles "${tmp}/ssl-req.pem" 2>/dev/null | cat
|
|
23
|
cat "${tmp}/ca-cert.crt"
|
|
24
|
|
|
25
|
trap 'rm -rf "${tmp}"' EXIT INT TERM QUIT
|
|
26
|
|
|
27
|
exit 0
|