skhatri/ca.sh

## ca.sh
#create CA cert and self sign
if [[ ! -d ca ]];
then
  mkdir ca
  openssl genrsa -out ca/ca.key 2048
  openssl req -new -x509 -key ca/ca.key -out ca/ca.crt -subj "/C=AU/ST=NSW/L=Sydney/O=Software Company/OU=IT/CN=ca"
fi;


cert=${1:-localhost}

if [[ $cert == "ca" ]];
then
  echo "invalid server name"
  exit 1;
fi;

if [[ ! -d $cert ]];
then
  mkdir $cert
fi;

### Server Setup
KEY_FILE="$cert/keystore.p12"
STORE_PASS="test123"
keytool -genkeypair -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore ${KEY_FILE} -validity 365 --dname "CN=$cert, OU=IT, O=Software Company, L=World, ST=World, C=WO" -storepass ${STORE_PASS}

keytool -certreq -keystore ${KEY_FILE} -file $cert/server.csr -storepass ${STORE_PASS} -keypass ${STORE_PASS}


#CA sign cert request
openssl x509 -req -in $cert/server.csr -CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial -out $cert/server.crt

openssl x509 -in $cert/server.crt -noout -text
cat $cert/server.crt ca/ca.crt > $cert/bundle.crt
openssl x509 -in $cert/bundle.crt -noout -text

### Server Import Cert
echo yes | keytool -importcert -file $cert/bundle.crt -keystore ${KEY_FILE} -keypass ${STORE_PASS} -storepass ${STORE_PASS} -trustcacerts
### Create Truststore
echo yes | keytool -importcert -alias ${cert} -file $cert/bundle.crt -keystore $cert/truststore.jks -storepass ${STORE_PASS} -keypass ${STORE_PASS} -trustcacerts

echo extracting private key
openssl pkcs12 -info -in ${KEY_FILE} -nodes -nocerts -out $cert/server.key -password "pass:${STORE_PASS}"
openssl rsa -in $cert/server.key -out $cert/server.rsa.key
echo files generated at ${cert}
ls $cert
	#create CA cert and self sign
	if [[ ! -d ca ]];
	then
	mkdir ca
	openssl genrsa -out ca/ca.key 2048
	openssl req -new -x509 -key ca/ca.key -out ca/ca.crt -subj "/C=AU/ST=NSW/L=Sydney/O=Software Company/OU=IT/CN=ca"
	fi;


	cert=${1:-localhost}

	if [[ $cert == "ca" ]];
	then
	echo "invalid server name"
	exit 1;
	fi;

	if [[ ! -d $cert ]];
	then
	mkdir $cert
	fi;

	### Server Setup
	KEY_FILE="$cert/keystore.p12"
	STORE_PASS="test123"
	keytool -genkeypair -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore ${KEY_FILE} -validity 365 --dname "CN=$cert, OU=IT, O=Software Company, L=World, ST=World, C=WO" -storepass ${STORE_PASS}

	keytool -certreq -keystore ${KEY_FILE} -file $cert/server.csr -storepass ${STORE_PASS} -keypass ${STORE_PASS}


	#CA sign cert request
	openssl x509 -req -in $cert/server.csr -CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial -out $cert/server.crt

	openssl x509 -in $cert/server.crt -noout -text
	cat $cert/server.crt ca/ca.crt > $cert/bundle.crt
	openssl x509 -in $cert/bundle.crt -noout -text

	### Server Import Cert
	echo yes \| keytool -importcert -file $cert/bundle.crt -keystore ${KEY_FILE} -keypass ${STORE_PASS} -storepass ${STORE_PASS} -trustcacerts
	### Create Truststore
	echo yes \| keytool -importcert -alias ${cert} -file $cert/bundle.crt -keystore $cert/truststore.jks -storepass ${STORE_PASS} -keypass ${STORE_PASS} -trustcacerts

	echo extracting private key
	openssl pkcs12 -info -in ${KEY_FILE} -nodes -nocerts -out $cert/server.key -password "pass:${STORE_PASS}"
	openssl rsa -in $cert/server.key -out $cert/server.rsa.key
	echo files generated at ${cert}
	ls $cert