makeCA.sh

#!/bin/sh

### define parameter
CAname="piyoCA"
SelfSignedCert="CAcert.pem"
SelfSignedKey="CAkey.pem"
PassPhrase="piyoca"
###

# make CA dir
mkdir /etc/ssl/$CAname
mkdir -p /etc/ssl/$CAname/certs
mkdir -p /etc/ssl/$CAname/private
mkdir -p /etc/ssl/$CAname/crl
mkdir -p /etc/ssl/$CAname/newcerts
chmod 700 /etc/ssl/$CAname/private

# initialize serial & database
echo 01>/etc/ssl/$CAname/serial
touch /etc/ssl/$CAname/index.txt

# modify opennssl.conf
sed -i -e "/^dir/s/dir/#dir/" /etc/ssl/openssl.cnf
sed -i -e "/^#dir/a dir = /etc/ssl/$CAname" /etc/ssl/openssl.cnf

# make Self-signed certificate & private key
cd /etc/ssl/$CAname
expect -c "
 set timeout 5
 spawn openssl req -new -x509 -newkey rsa:2048 -out $SelfSignedCert -keyout private/$SelfSignedKey -days 365
   expect \"PEM\" 
    send \"$PassPhrase\n\"
   expect \"Verifying\" 
    send \"$PassPhrase\n\"
   expect \"Country\" 
    send \"JP\n\"
   expect \"State\" 
    send \"Kanagawa\n\"
   expect \"Locality\" 
    send \"Fujisawa\n\"
   expect \"company\" 
    send \"Shonandai\n\"
   expect \"Unit\" 
    send \"poko\n\"
   expect \"Common\" 
    send \"$CAname\n\"
   expect \"Email\" 
    send \"a@a.com\n\"
   expect \"$\"
   exit 0
"

# Show Result
openssl x509 -in /etc/ssl/$CAname/$SelfSignedCert -text