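#!/bin/bash
#
# Issue a card certificate signed by the local CA.
#
# Takes exactly one argument: the card certificate identifier, which is
# used as the base file name of the key, the CSR and the certificate.
#
# Steps: generate an EC private key, build a CSR from it, have the CA sign
# the CSR with the "card_cert" extensions, convert the certificate to DER
# and delete the intermediate PEM copy.
#
# Every path below (openssl.cnf and the PKI tree) is relative, so the
# script must be run from the directory that contains them.

readonly CURVE=secp256r1
readonly DAYS=730

######

readonly DIR=PKI

######

set -e -u

if [[ $# -lt 1 ]] ; then
  echo "Missing card certificate identifier" 1>&2
  exit 1
fi
if [[ $# -gt 1 ]] ; then
  echo "Too many parameters" 1>&2
  exit 2
fi

# The CA private key must already exist; it is created by generate_ca.sh.
if [[ ! -e "$DIR/private/ca.key.pem" ]] ; then
  echo "Missing CA (please execute generate_ca.sh)" 1>&2
  exit 2
fi

NAME="$1"

# NAME is spliced into every output path, so it must be a plain file name:
# an empty value or one containing '/' could place the key, CSR or
# certificate outside the intended PKI subdirectories.
if [[ -z "$NAME" || "$NAME" == */* ]] ; then
  echo "Invalid card certificate identifier" 1>&2
  exit 2
fi

mkdir -p "$DIR/csr"

# The private key is written unencrypted, so create it under a restrictive
# umask; the subshell keeps the umask change local to this one command.
# The umask only affects a newly created file, not one that already exists.
# NOTE(review): an existing key for the same identifier is overwritten here
# without warning -- confirm that re-issuing under the same name is intended.
(
  umask 077
  openssl ecparam -name "$CURVE" -genkey -check -noout -outform der \
    -out "$DIR/private/$NAME.key.der"
)

# Certificate signing request for the new key.
openssl req -config openssl.cnf -new -sha256 -keyform der \
  -key "$DIR/private/$NAME.key.der" \
  -outform pem -out "$DIR/csr/$NAME.csr.pem"

# Sign the CSR with the CA, applying the card_cert extension section.
openssl ca -config openssl.cnf -extensions card_cert -days "$DAYS" -md sha256 \
  -in "$DIR/csr/$NAME.csr.pem" -out "$DIR/certs/$NAME.cert.pem"

# Only the DER form of the certificate is kept.
openssl x509 -inform pem -in "$DIR/certs/$NAME.cert.pem" \
  -outform der -out "$DIR/certs/$NAME.cert.der"

rm "$DIR/certs/$NAME.cert.pem"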