http://neobiker.de/wiki/index.php?action=history&feed=atom&title=CA_mk_ca_struct
CA mk ca struct - Versionsgeschichte
2026-05-11T14:00:03Z
Versionsgeschichte dieser Seite in Neobikers Wiki
MediaWiki 1.43.8
http://neobiker.de/wiki/index.php?title=CA_mk_ca_struct&diff=774&oldid=prev
Neobiker am 27. Juni 2008 um 19:36 Uhr
2008-06-27T19:36:32Z
<p></p>
<p><b>Neue Seite</b></p><div>'''./scripts/mk_ca_struct'''<br />
<pre><br />
#!/bin/sh<br />
# RootCA + Server-CA + UserCA erstellen<br />
#<br />
# $Id: mk_ca_struct,v 1.2 2008/06/26 20:49:58 root Exp root $<br />
#<br />
# $Log: mk_ca_struct,v $<br />
# Revision 1.2 2008/06/26 20:49:58 root<br />
# *** empty log message ***<br />
#<br />
# Revision 1.1 2008/06/26 20:35:28 root<br />
# Initial revision<br />
#<br />
#<br />
<br />
absolute_dir ()<br />
{<br />
[ -d "$1" ] || exit 1<br />
pushd "$1" >/dev/null<br />
pwd<br />
popd >/dev/null<br />
}<br />
<br />
bdir=`dirname $0`<br />
pwd=`pwd`<br />
<br />
echo -n "Where to install the CA directories [$pwd] "<br />
read a<br />
<br />
if [ -z "$a" ]; then<br />
CA_DIR=$pwd<br />
else<br />
[ -d "$1" ] || mkdir $a<br />
CA_DIR=`absolute_dir $a`<br />
fi<br />
<br />
if [ -d $CA_DIR/certs ]; then<br />
echo -n "Warning: $CA_DIR/certs found - delete all [n] "<br />
read b<br />
<br />
if [ -z "$b" -o "$b" == "n" -o "$b" == "N" ]; then<br />
echo "OK, exiting"<br />
exit 0<br />
fi<br />
<br />
else<br />
[ -d $CA_DIR ] || mkdir $CA_DIR<br />
fi<br />
<br />
cp -r $bdir $CA_DIR<br />
pushd $CA_DIR<br />
<br />
rm -rf certs private RootCA ServerCA UserCA 2>/dev/null<br />
mkdir certs private<br />
<br />
cat <<EOF > openssl.cnf<br />
# openssl.cnf by neobiker<br />
<br />
HOME = .<br />
RANDFILE = $ENV::HOME/.rnd<br />
<br />
# Extra OBJECT IDENTIFIER info:<br />
#oid_file = $ENV::HOME/.oid<br />
oid_section = new_oids<br />
<br />
path = $CA_DIR<br />
<br />
EOF<br />
<br />
cat scripts/openssl.cnf.tpl >> openssl.cnf<br />
<br />
cat <<EOF<br />
<br />
----------------------<br />
Erstelle eine Root CA:<br />
<br />
EOF<br />
<br />
mkdir RootCA<br />
cd RootCA<br />
mkdir certs newcerts private<br />
chmod go-rwx private<br />
echo "01" > serial<br />
touch index.txt<br />
cd ..<br />
<br />
openssl req -config openssl.cnf \<br />
-newkey rsa:2048 -x509 -days 1825 \<br />
-out RootCA/private/RCAcert.pem -outform PEM \<br />
-keyout RootCA/private/RCAkey.pem<br />
<br />
cp RootCA/private/RCAcert.pem certs/00.pem<br />
cd certs<br />
c_rehash .<br />
cd ..<br />
<br />
cat <<EOF<br />
<br />
<br />
----------------------------------------------<br />
Erstelle eine Server CA (signiert von Root CA):<br />
<br />
EOF<br />
<br />
cd $CA_DIR<br />
mkdir ServerCA<br />
cd ServerCA<br />
mkdir certs newcerts private<br />
chmod go-rwx private<br />
echo "01" > serial<br />
touch index.txt<br />
cd ..<br />
<br />
openssl req -config openssl.cnf \<br />
-newkey rsa:2048 -days 1825 \<br />
-out ServerCA/private/SCAreq.pem -outform PEM \<br />
-keyout ServerCA/private/SCAkey.pem<br />
<br />
openssl ca -config openssl.cnf \<br />
-name Root_CA \<br />
-in ServerCA/private/SCAreq.pem \<br />
-out ServerCA/private/SCAcert.pem<br />
<br />
cp ServerCA/private/SCAcert.pem certs/01.pem<br />
cd certs<br />
c_rehash .<br />
cd ..<br />
<br />
cat <<EOF<br />
<br />
<br />
---------------------------------------------<br />
Erstelle eine User CA (signiert von Root CA):<br />
<br />
EOF<br />
<br />
cd $CA_DIR<br />
mkdir UserCA<br />
cd UserCA<br />
mkdir certs newcerts private<br />
chmod go-rwx private<br />
echo "01" > serial<br />
touch index.txt<br />
cd ..<br />
<br />
openssl req -config openssl.cnf \<br />
-newkey rsa:2048 -days 1825 \<br />
-out UserCA/private/UCAreq.pem -outform PEM \<br />
-keyout UserCA/private/UCAkey.pem<br />
<br />
openssl ca -config openssl.cnf \<br />
-name Root_CA \<br />
-in UserCA/private/UCAreq.pem \<br />
-out UserCA/private/UCAcert.pem<br />
<br />
cp UserCA/private/UCAcert.pem certs/02.pem<br />
cd certs<br />
c_rehash .<br />
cd ..<br />
<br />
popd<br />
</pre></div>
Neobiker