linx-simulator2/createCA.sh

#!/bin/sh
OPENSSL_PATH="/usr/bin" #default install path
#OPENSSL_PATH="/usr/local/ssl/bin" #workaround for dual openssl install

DAYS=$((10*365))
LEVELS=1
DN="/C=US/ST=Illinois/L=Chicago/O=Safemobile/OU=PKI"
CERTS_PATH=certs
CHAIN="$CERTS_PATH/chain.crt"

# OPENSSL_CNF="/etc/pki/tls/openssl.cnf"
OPENSSL_CNF="/etc/ssl/openssl.cnf"

mkdir -p $CERTS_PATH

#generate root key pair
$OPENSSL_PATH/openssl genrsa -out "$CERTS_PATH/root-key.pem" 4096

#generate root self-signed cert
$OPENSSL_PATH/openssl req -new -x509 -days $DAYS -key "$CERTS_PATH/root-key.pem" -subj "$DN/CN=Root" -out "$CERTS_PATH/root-cert.pem"
cat "$CERTS_PATH/root-cert.pem" > $CHAIN


for i in `seq 1 $LEVELS`; do
    echo "Level $i"
    if [ "$i" -eq 1 ]; then
        SIGNER_CERT="$CERTS_PATH/root-cert.pem"
        SIGNER_KEY="$CERTS_PATH/root-key.pem"
    else
        SIGNER_CERT="$CERTS_PATH/ca$((i-1))-cert.pem"
        SIGNER_KEY="$CERTS_PATH/ca$((i-1))-key.pem"
    fi

    #generate key pair
    $OPENSSL_PATH/openssl genrsa -out "$CERTS_PATH/ca$i-key.pem" 4096

    #generate signing request
    $OPENSSL_PATH/openssl req -new -key "$CERTS_PATH/ca$i-key.pem" -subj "$DN/CN=Level$i" -out "$CERTS_PATH/ca$i-csr.pem"

echo "-------------"
echo ">>>>>>>>>>>>>>>>>"$SIGNER_CERT
echo ">>>>>>>>>>>>>>>>>"$SIGNER_KEY

    #sign new cert
    $OPENSSL_PATH/openssl x509 -req -days $DAYS -in "$CERTS_PATH/ca$i-csr.pem" -CA $SIGNER_CERT -CAkey $SIGNER_KEY \
            -set_serial $i -out "$CERTS_PATH/ca$i-cert.pem" -extfile $OPENSSL_CNF -extensions v3_ca
    cat "$CERTS_PATH/ca$i-cert.pem" >> $CHAIN
echo "-------------"

done
Simulator first commit 2019-09-18 08:11:16 +00:00			`#!/bin/sh`
revert certs for default openssl and change only if needed 2023-03-28 21:54:56 +00:00			`OPENSSL_PATH="/usr/bin" #default install path`
			`#OPENSSL_PATH="/usr/local/ssl/bin" #workaround for dual openssl install`
Simulator first commit 2019-09-18 08:11:16 +00:00
			`DAYS=$((10*365))`
			`LEVELS=1`
			`DN="/C=US/ST=Illinois/L=Chicago/O=Safemobile/OU=PKI"`
			`CERTS_PATH=certs`
			`CHAIN="$CERTS_PATH/chain.crt"`

			`# OPENSSL_CNF="/etc/pki/tls/openssl.cnf"`
			`OPENSSL_CNF="/etc/ssl/openssl.cnf"`

			`mkdir -p $CERTS_PATH`

			`#generate root key pair`
workaround for certs newer ubuntu >18 2023-03-28 20:04:56 +00:00			`$OPENSSL_PATH/openssl genrsa -out "$CERTS_PATH/root-key.pem" 4096`
Simulator first commit 2019-09-18 08:11:16 +00:00
			`#generate root self-signed cert`
workaround for certs newer ubuntu >18 2023-03-28 20:04:56 +00:00			`$OPENSSL_PATH/openssl req -new -x509 -days $DAYS -key "$CERTS_PATH/root-key.pem" -subj "$DN/CN=Root" -out "$CERTS_PATH/root-cert.pem"`
Simulator first commit 2019-09-18 08:11:16 +00:00			`cat "$CERTS_PATH/root-cert.pem" > $CHAIN`


			for i in `seq 1 $LEVELS`; do
			`echo "Level $i"`
			`if [ "$i" -eq 1 ]; then`
			`SIGNER_CERT="$CERTS_PATH/root-cert.pem"`
			`SIGNER_KEY="$CERTS_PATH/root-key.pem"`
			`else`
			`SIGNER_CERT="$CERTS_PATH/ca$((i-1))-cert.pem"`
			`SIGNER_KEY="$CERTS_PATH/ca$((i-1))-key.pem"`
			`fi`

			`#generate key pair`
workaround for certs newer ubuntu >18 2023-03-28 20:04:56 +00:00			`$OPENSSL_PATH/openssl genrsa -out "$CERTS_PATH/ca$i-key.pem" 4096`
Simulator first commit 2019-09-18 08:11:16 +00:00
			`#generate signing request`
workaround for certs newer ubuntu >18 2023-03-28 20:04:56 +00:00			`$OPENSSL_PATH/openssl req -new -key "$CERTS_PATH/ca$i-key.pem" -subj "$DN/CN=Level$i" -out "$CERTS_PATH/ca$i-csr.pem"`
Simulator first commit 2019-09-18 08:11:16 +00:00
			`echo "-------------"`
			`echo ">>>>>>>>>>>>>>>>>"$SIGNER_CERT`
			`echo ">>>>>>>>>>>>>>>>>"$SIGNER_KEY`

			`#sign new cert`
workaround for certs newer ubuntu >18 2023-03-28 20:04:56 +00:00			`$OPENSSL_PATH/openssl x509 -req -days $DAYS -in "$CERTS_PATH/ca$i-csr.pem" -CA $SIGNER_CERT -CAkey $SIGNER_KEY \`
Simulator first commit 2019-09-18 08:11:16 +00:00			`-set_serial $i -out "$CERTS_PATH/ca$i-cert.pem" -extfile $OPENSSL_CNF -extensions v3_ca`
			`cat "$CERTS_PATH/ca$i-cert.pem" >> $CHAIN`
			`echo "-------------"`

			`done`