@DustinD2
Created December 8, 2012 01:19
This script creates a root CA using OpenSSL on a Mac, creates an intermediate CA and signs it with the root, then issues a server certificate from the intermediate.
#!/bin/bash
# This script creates a root CA, signs an intermediate CA with it, and
# issues a server certificate from the intermediate.
# It assumes the MacPorts OpenSSL install (config at /opt/local/etc/openssl);
# adjust the path for Homebrew or another install.
set -e

# Configure the Root CA
mkdir ca
cd ca
mkdir certs crl newcerts private
chmod 700 private
echo "01" > serial
cp /dev/null ./index.txt
# This is the MacPorts path. The stock config points ca_default's "dir" at
# ./demoCA, so "openssl ca" fails unless dir is changed to "." (the layout
# created above). The sed below makes that edit (GNU sed: drop the '');
# check with: grep '^dir' openssl.cnf
cp /opt/local/etc/openssl/openssl.cnf .
sed -i '' -E 's|^dir[[:space:]]*=.*|dir = .|' openssl.cnf
# Generate the passphrase-protected root key (AES-256 instead of the original -des3)
openssl genrsa -aes256 -out private/cakey.pem 4096
# Generate a self-signed root certificate (10 years; the req default is 30 days).
# SHA-256 replaces the original -sha1, which is no longer accepted for signing.
openssl req -new -x509 -sha256 -days 3650 -key private/cakey.pem -out cacert.pem

# We are now ready to make an intermediate CA
mkdir ca2012
cd ca2012
cp ../openssl.cnf .
mkdir certs crl newcerts private
chmod 700 private
echo "01" > serial
cp /dev/null ./index.txt
openssl genrsa -aes256 -out private/cakey.pem 4096
openssl req -new -sha256 -key private/cakey.pem -out ca2012.csr
# Move the signing request to the root and sign it as a CA (v3_ca sets
# basicConstraints CA:TRUE). The default policy_match requires the C, ST
# and O fields to match the root's; add -policy policy_anything otherwise.
mv ca2012.csr ..
cd ..
openssl ca -extensions v3_ca -md sha256 -days 1825 \
    -out ca2012.crt -in ca2012.csr -config openssl.cnf
mv ca2012.* ca2012
cd ca2012
mv ca2012.crt ca2012.pem
# Create the CA chain file: intermediate first, then root
cat ca2012.pem > chain.cert
cat ../cacert.pem >> chain.cert

# Create the server certificate, issued by the intermediate.
# The copied openssl.cnf still says dir = . (this directory), but its
# "certificate" entry expects cacert.pem, so pass the intermediate's
# certificate and key explicitly. Do NOT point dir at ..: that makes the
# root sign the server certificate and bypasses the intermediate entirely.
openssl genrsa -aes256 -out myServer.key 4096
openssl req -new -sha256 -key myServer.key -out myServer.csr
openssl ca -config openssl.cnf -cert ca2012.pem -keyfile private/cakey.pem \
    -policy policy_anything -md sha256 -out myServer.crt -infiles myServer.csr
mkdir certs/myServer
mv myServer.key myServer.csr myServer.crt certs/myServer
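Added example, not the gist's own script: the same root, intermediate and server flow run non-interactively, with a minimal openssl.cnf written into each CA directory so that ca_default's "dir" always points at that directory and never at the stock ./demoCA. It ends with the check a practitioner wants after running the gist: that the server certificate verifies through the intermediate to the root and was not signed by the root directly. The subject names (Demo Root CA, Demo Intermediate CA, server.example.test), the file names, the 2048-bit unencrypted demo keys and the config contents are all assumptions made for this example.

```shell
#!/bin/bash
# Added example (not the gist's code). Builds root -> intermediate -> server
# under a temporary directory, writing a minimal openssl.cnf per CA directory
# so "dir" never resolves to ./demoCA. Names, paths and the config are made up
# for the demo; keys are unencrypted and live only in the temp directory.
set -e

# Minimal CA config for one directory (an assumed layout, not the MacPorts file).
write_ca_cnf() {
  local dir="$1"
  cat > "$dir/openssl.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir           = $dir
new_certs_dir = \$dir/newcerts
database      = \$dir/index.txt
serial        = \$dir/serial
private_key   = \$dir/private/cakey.pem
certificate   = \$dir/cacert.pem
default_md    = sha256
policy        = policy_anything
[ policy_anything ]
commonName = supplied
[ req ]
distinguished_name = req_dn
[ req_dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints       = critical, CA:TRUE
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash
[ v3_intermediate ]
basicConstraints       = critical, CA:TRUE, pathlen:0
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always
[ server_cert ]
basicConstraints       = CA:FALSE
keyUsage               = critical, digitalSignature, keyEncipherment
extendedKeyUsage       = serverAuth
subjectAltName         = DNS:server.example.test
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always
EOF
}

# Same directory layout the gist creates by hand, plus the config above.
init_ca_dir() {
  local dir="$1"
  mkdir -p "$dir/certs" "$dir/crl" "$dir/newcerts" "$dir/private"
  chmod 700 "$dir/private"
  echo "01" > "$dir/serial"
  : > "$dir/index.txt"
  write_ca_cnf "$dir"
}

# Build root CA, intermediate CA and a server certificate under $1.
build_pki() {
  local root="$1/root" inter="$1/intermediate" srv="$1/server"
  init_ca_dir "$root"; init_ca_dir "$inter"; mkdir -p "$srv"
  # Root: self-signed, CA:TRUE, 10 years (the openssl req default is 30 days)
  openssl genrsa -out "$root/private/cakey.pem" 2048 2>/dev/null
  openssl req -new -x509 -sha256 -days 3650 -batch -config "$root/openssl.cnf" \
    -extensions v3_ca -subj "/CN=Demo Root CA" \
    -key "$root/private/cakey.pem" -out "$root/cacert.pem"
  # Intermediate: CSR signed by the root's "openssl ca" with pathlen:0
  openssl genrsa -out "$inter/private/cakey.pem" 2048 2>/dev/null
  openssl req -new -sha256 -batch -config "$inter/openssl.cnf" \
    -subj "/CN=Demo Intermediate CA" \
    -key "$inter/private/cakey.pem" -out "$inter/ca.csr"
  openssl ca -batch -config "$root/openssl.cnf" -extensions v3_intermediate \
    -days 1825 -md sha256 -notext -in "$inter/ca.csr" -out "$inter/cacert.pem" \
    >/dev/null 2>&1
  cat "$inter/cacert.pem" "$root/cacert.pem" > "$inter/chain.cert"
  # Server: signed with the intermediate's config, so ITS key and cert are used
  openssl genrsa -out "$srv/myServer.key" 2048 2>/dev/null
  openssl req -new -sha256 -batch -config "$inter/openssl.cnf" \
    -subj "/CN=server.example.test" \
    -key "$srv/myServer.key" -out "$srv/myServer.csr"
  openssl ca -batch -config "$inter/openssl.cnf" -extensions server_cert \
    -days 365 -md sha256 -notext -in "$srv/myServer.csr" -out "$srv/myServer.crt" \
    >/dev/null 2>&1
}

# Check the result: the server cert must verify through the intermediate to the
# root, must NOT verify against the root alone, and must name the intermediate
# as its issuer. Returns 0 when all three hold.
verify_chain() {
  local root="$1/root" inter="$1/intermediate" srv="$1/server"
  openssl verify -CAfile "$root/cacert.pem" -untrusted "$inter/cacert.pem" \
    "$srv/myServer.crt" >/dev/null 2>&1 || return 1
  if openssl verify -CAfile "$root/cacert.pem" "$srv/myServer.crt" >/dev/null 2>&1
  then return 1; fi   # root signed it directly: the intermediate was bypassed
  openssl x509 -in "$srv/myServer.crt" -noout -issuer | grep -q "Demo Intermediate CA"
}

WORK=$(mktemp -d)
build_pki "$WORK"
verify_chain "$WORK"
echo "chain verified: $WORK/server/myServer.crt -> intermediate -> root"
```

The second openssl verify call in verify_chain is the one that catches the "change dir from . to .." mistake: if the root signs the server certificate directly, that call succeeds and the function returns failure, even though the first call (root plus untrusted intermediate) would still pass.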
@cleitonpena

Hi, @DustinD2
Thanks for the script.
Line 35 returns the following error:

Using configuration from openssl.cnf
Could not open file or uri for loading CA private key from ./demoCA/private/cakey.pem
40B6AA4AF87F0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:crypto/store/store_register.c:237:scheme=file
40B6AA4AF87F0000:error:80000002:system library:file_open:No such file or directory:providers/implementations/storemgmt/file_store.c:267:calling stat(./demoCA/private/cakey.pem)

Can you help me solve this problem?
Thank you.
