From 125919ee3aa9a909eb50e7c7e773b3d2cd1b9d3c Mon Sep 17 00:00:00 2001
From: brent s
Date: Mon, 22 Feb 2016 14:49:15 -0500
Subject: [PATCH] v1! working now. should create full PKI. TODO: add better standalone-script support (e.g. adding clients), conf support (so they all pull their variables from the same place), etc.
---
 gen.intermediate.cert.sh | 2 +-
 gen.serverclient.cert-server.sh | 6 +++---
 gen.serverclient.cert-user.sh | 6 +++---
 gen.serverclient.chain.sh | 8 ++++++++
 4 files changed, 15 insertions(+), 7 deletions(-)
 create mode 100644 gen.serverclient.chain.sh
diff --git a/gen.intermediate.cert.sh b/gen.intermediate.cert.sh
index a3cecb9..414d992 100644
--- a/gen.intermediate.cert.sh
+++ b/gen.intermediate.cert.sh
@@ -2,5 +2,5 @@
 set -e
 echo "Generating intermediate certificate..."
-openssl CA -config ${rootdir}/openssl.cnf -days 3650 -extensions v3_ca -notext -md sha512 -in ${rootdir}/intermediate/csr/intermediate.csr -out ${rootdir}/intermediate/crt/intermediate.crt > /dev/null 2>&1
+openssl ca -config ${rootdir}/openssl.cnf -batch -days 3650 -extensions v3_ca -notext -md sha512 -in ${rootdir}/intermediate/csr/intermediate.csr -out ${rootdir}/intermediate/crt/intermediate.crt > /dev/null 2>&1
 chmod 444 ${rootdir}/intermediate/crt/intermediate.crt
diff --git a/gen.serverclient.cert-server.sh b/gen.serverclient.cert-server.sh
index 7fcf9ac..e98c55d 100644
--- a/gen.serverclient.cert-server.sh
+++ b/gen.serverclient.cert-server.sh
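Review bot: In gen.intermediate.cert.sh the added `-batch` removes the confirmation prompts of `openssl ca` while the line still ends in `> /dev/null 2>&1`, so the root CA now signs the intermediate CSR without anyone seeing the subject or extensions being certified, and a failure under `set -e` ends the script with no message. Keeping the diagnostics would help: drop the `2>&1` (openssl appears to write the certificate details and its errors to stderr), or follow the signing with `openssl x509 -noout -subject -issuer -dates -in "${rootdir}/intermediate/crt/intermediate.crt"`. The same `-batch` plus discarded-output pattern is added in gen.serverclient.cert-server.sh and gen.serverclient.cert-user.sh. The hunk starts at line 2 of the script, so whatever precedes `set -e` is not visible here.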
@@ -1,6 +1,6 @@
 #!/bin/bash
 set -e
-echo "Generating certificate (${1})..."
-openssl CA -config ${rootdir}/intermediate/openssl.cnf -days 3650 -extensions server_cert -notext -md sha512 -in ${rootdir}/csr/${1}.csr -out ${rootdir}/crt/${1}.crt > /dev/null 2>&1
-chmod 444 ${rootdir}/${1}/crt/${1}.crt
+echo "Generating certificate (${1}) (server certificate)..."
+openssl ca -config ${rootdir}/intermediate/openssl.cnf -batch -days 3650 -extensions server_cert -notext -md sha512 -in ${rootdir}/csr/${1}.csr -out ${rootdir}/crt/${1}.crt > /dev/null 2>&1
+chmod 444 ${rootdir}/crt/${1}.crt
diff --git a/gen.serverclient.cert-user.sh b/gen.serverclient.cert-user.sh
index c4f72ff..2b155c5 100644
--- a/gen.serverclient.cert-user.sh
+++ b/gen.serverclient.cert-user.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 set -e
-echo "Generating certificate (${1})..."
-openssl CA -config ${rootdir}/intermediate/openssl.cnf -days 3650 -extensions usr_cert -notext -md sha512 -in ${rootdir}/csr/${1}.csr -out ${rootdir}/crt/${1}.crt > /dev/null 2>&1
-chmod 444 ${rootdir}/crt/${1}.crt
+echo "Generating certificate (${1}) (user)..."
+openssl ca -config ${rootdir}/intermediate/openssl.cnf -batch -days 3650 -extensions usr_cert -notext -md sha512 -in ${rootdir}/csr/${1}.csr -out ${rootdir}/crt/${1}.user.crt > /dev/null 2>&1
+chmod 444 ${rootdir}/crt/${1}.user.crt
diff --git a/gen.serverclient.chain.sh b/gen.serverclient.chain.sh
new file mode 100644
index 0000000..aceeb74
--- /dev/null
+++ b/gen.serverclient.chain.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -e
+
+echo "Generating chain cert files (${1})..."
+cat ${rootdir}/crt/${1}.crt ${rootdir}/intermediate/crt/intermediate-chained.crt > ${rootdir}/crt/${1}-chained.crt
+#cat ${rootdir}/crt/${1}.user.crt ${rootdir}/intermediate/crt/intermediate-chained.crt > ${rootdir}/crt/${1}.user-chained.crt
+chmod 444 ${rootdir}/crt/${1}-chained.crt
+#chmod 444 ${rootdir}/crt/${1}.user-chained.crt
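Review bot: In gen.serverclient.cert-server.sh neither `${rootdir}` nor `${1}` is checked or quoted before it builds the CSR path handed to the intermediate CA and the path passed to `chmod`. With `rootdir` unset the paths resolve under `/`, an empty `${1}` names `.csr`, and a name containing `/` or whitespace changes which request is signed and which file has its mode changed. I would add `: "${rootdir:?rootdir is not set}" "${1:?usage: $0 NAME}"` after `set -e`, reject names that contain `/`, and double-quote every expansion, e.g. `chmod 444 "${rootdir}/crt/${1}.crt"`. gen.serverclient.cert-user.sh and gen.serverclient.chain.sh use the same unchecked, unquoted expansions.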
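Review bot: gen.serverclient.cert-user.sh still signs `${rootdir}/csr/${1}.csr`, the same request that gen.serverclient.cert-server.sh signs for that name; only the output changed to `${1}.user.crt`. If both scripts are run for one name, the same key pair ends up holding both a `server_cert` and a `usr_cert` certificate, and the second `openssl ca` call may be refused as a duplicate subject unless the CA configuration (not visible here) sets `unique_subject = no`, a failure that `> /dev/null 2>&1` would hide. If separate keys are intended, the user script should read its own request (for example a `${1}.user.csr`, a name suggested here rather than taken from the patch), and a header comment should state which CSR each script expects.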
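Review bot: In gen.serverclient.chain.sh the `>` redirection creates `${1}-chained.crt` before `cat` has read anything, so when `${1}.crt` or `intermediate-chained.crt` is missing `set -e` stops the script but leaves an incomplete or empty chain file behind, and a later run by a non-root user fails on the existing 0444 file. Building the chain in a temporary file and renaming it only after `cat` succeeds avoids both; the rewritten lines are below. Nothing in this patch creates `intermediate-chained.crt`, so presumably another script does. The two commented-out `.user` lines should either be enabled or removed.

```shell
# … unchanged: shebang, set -e, echo …
chained="${rootdir}/crt/${1}-chained.crt"
tmp="$(mktemp "${chained}.XXXXXX")"
trap 'rm -f -- "${tmp}"' EXIT
cat -- "${rootdir}/crt/${1}.crt" "${rootdir}/intermediate/crt/intermediate-chained.crt" > "${tmp}"
chmod 444 "${tmp}"
mv -f -- "${tmp}" "${chained}"
```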