diff --git a/docs/pki_agile b/docs/pki_agile index b277618..3fda93c 100644 --- a/docs/pki_agile +++ b/docs/pki_agile @@ -11,6 +11,7 @@ [[ BACKLOG ]] [ current ] +* add CA password * auto-increment SERIAL * create certificate installation guide -copy file to sd, select .p12 file, password="password" diff --git a/src/pki_bootstrap/README b/src/pki_bootstrap/README index 1622550..e700027 100644 --- a/src/pki_bootstrap/README +++ b/src/pki_bootstrap/README @@ -8,6 +8,10 @@ ------------- INTRO ------------- +The PKI Bootstrap application will generate a new "PKI Lifecycle" package. The PKI Lifecycle +package holds a new Certificate Authority (CA) and a complete certificate chain-of-trust. The +PKI Lifecycle package has a life of 5-10 years. Each package has embedded programs to generate new +certificate authority intermediates, client, and server certificates. 
@@ -15,10 +19,60 @@ USAGE ------------- +This application will generate all the files necessary to build a certificate chain of trust +using a CA, CA Intermediate, Server, and Client certificates. All the files are put into +pki lifecyle package + -put the .cnf config files into the ./cnf directory + +Usage: pki_bootstrap <.cnf file (minus the .cnf)> + +Example: pki_bootstrap org.acme.xyz + + +[ .cnf files ] +A .cnf file is required for the domain name. The .cnf file is found in the ./res/cnf directory + +└── res + ├── cnf + │   ├── 192.168.1.3.cnf + │   ├── ca.cnf + │   ├── skunkworks.acme.xyz.cnf + │   └── vpn.backchannel.es.cnf + + ------------- FEATURES ------------- +The PKI Bootstrap application will generate an + + +------------- + TREE +------------- +├── README +├── pki_bootstrap.sh + +└── res + ├── cfg + │   └── SERIAL + ├── cnf + │   ├── 192.168.1.3.cnf + │   ├── ca.cnf + │   ├── skunkworks.acme.xyz.cnf + │   └── vpn.backchannel.es.cnf + ├── docs + │   ├── README_C + │   ├── README_CAI + │   ├── README_LC + │   ├── README_S + │   ├── SERIAL + │   └── SERIAL_LC + └── libs + ├── gen_ca-i.sh + ├── gen_client.sh + ├── gen_server.sh + └── pki_funcs.sh \ No newline at end of file diff --git a/src/pki_bootstrap/pki_bootstrap.sh b/src/pki_bootstrap/pki_bootstrap.sh index 1ec1741..8edb368 100755 --- a/src/pki_bootstrap/pki_bootstrap.sh +++ b/src/pki_bootstrap/pki_bootstrap.sh @@ -128,7 +128,7 @@ cp_lifecycle_docs() { gen_lc_ca_i() { cd $FQ_DIR_LC # generate new CA-I - ca-i_gen_pki $ORG_URL 1001 2 + ca-i_gen_pki $ORG_URL 4321 2 # ca-i_gen_pki $ORG_URL 2001 5 # ca-i_gen_pki $ORG_URL 3001 8 } diff --git a/src/pki_bootstrap/res/libs/gen_ca-i.sh b/src/pki_bootstrap/res/libs/gen_ca-i.sh index ff1d198..132fa23 100755 --- a/src/pki_bootstrap/res/libs/gen_ca-i.sh +++ b/src/pki_bootstrap/res/libs/gen_ca-i.sh 
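Review bot: The positional arguments on the changed line `ca-i_gen_pki $ORG_URL 4321 2` in gen_lc_ca_i are no longer read by the callee. In this same commit ca-i_gen_pki (pki_funcs.sh) switches from `$1`/`$2`/`$3` to the globals `$PARAM1`, `$SERIAL` and `$PARAM3`. Unless pki_bootstrap.sh sets those globals somewhere outside this hunk, the intermediate is built with an empty ORG_URL and serial, and `$(($PARAM3-1))` evaluates to -1. Either set them before the call (`PARAM1=$ORG_URL; SERIAL=4321; PARAM3=2`) or keep ca-i_gen_pki reading its own arguments.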
@@ -3,9 +3,6 @@ # Create CA Intermediate # # -# This function will generate a CA Intermediate -# IN: UNIQ_ID_CA, SERIAL -# # source this file to include the functions . cfg/pki_funcs.sh @@ -23,39 +20,19 @@ usage() { echo "It requires a CA certificate used to sign CA Intermediate" echo "Requires the file \"ca.pem\" that is used to sign the certificates" echo - echo " usage: gen_ca-i.sh " + echo " usage: gen_ca-i.sh [Serial #]" echo - echo " example: gen_ca-i.sh skunkworks.acme.xyz" - echo " 10052" + echo " example: gen_ca-i.sh skunkworks.acme.xyz \\" + echo " 10052 (optional) \\" echo exit 1 } -error_no_ca_file() { - echo_block "ERROR: missing ca.crt.pem, ca.keys.pem" - usage -} - main() { - CDD=`pwd` - FQ_CA_KEYS="${CDD}/cfg/ca.keys.pem" - FQ_CA_CRT="${CDD}/cfg/ca.crt.pem" - if [[ ! -f $FQ_CA_KEYS ]] || [[ ! -f $FQ_CA_CRT ]]; then - error_no_ca_file - fi - - if [[ -n $PARAM1 ]] && [[ -n $PARAM2 ]]; then - pki_func_init $FQ_CA_CRT $FQ_CA_KEYS "${CDD}/cfg" - - if [[ -z $PARAM3 ]]; then - PARAM3=5 - fi - - ca-i_gen_pki $PARAM1 $PARAM2 $PARAM3 - else - usage - fi + # uses global variables: $PARAM1 $PARAM2 $PARAM3 + check_params + ca-i_gen_pki } main diff --git a/src/pki_bootstrap/res/libs/gen_client.sh b/src/pki_bootstrap/res/libs/gen_client.sh index b093bbc..094e111 100755 --- a/src/pki_bootstrap/res/libs/gen_client.sh +++ b/src/pki_bootstrap/res/libs/gen_client.sh @@ -3,9 +3,6 @@ # Create Client Certificates # # -# This function will generate a Client cert -# IN: UNIQ_ID, SERIAL -# # source this file to include the functions . cfg/pki_funcs.sh 
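Review bot: main in gen_ca-i.sh now relies on check_params for the CA file guard, but that guard (pki_funcs.sh) passes when either the ca.* pair or the ca-i.* pair is present in cfg/, while ca-i_gen_cert signs with `cfg/ca.crt.pem` and `cfg/ca.keys.pem` specifically. Run from a directory that holds only the intermediate files, the script gets past the check and fails inside openssl instead of at the removed error_no_ca_file path. I would keep a script-specific check ahead of check_params, `[[ -f cfg/ca.keys.pem && -f cfg/ca.crt.pem ]] || error_no_ca_file`. The usage text also omits the third parameter, whose default changes from the removed `PARAM3=5` to `PARAM3=2` in check_params.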
@@ -21,36 +18,19 @@ usage() { echo echo echo "Generate a new certificate" - echo " usage: gen_client.sh " + echo " usage: gen_client.sh [Serial #]" echo echo " example: gen_client.sh skunkworks.acme.xyz \\" - echo " 10052 \\" + echo " 10052 (optional) \\" echo exit 1 } main() { - if [[ ! -f cfg/ca-i.crt.pem ]] || [[ ! -f cfg/ca-i.keys.pem ]]; then - echo_block "ERROR: file cfg/ca-i.crt.pem cfg/ca-i.keys.pem is missing" - usage - fi - if [[ ! -f cfg/SERIAL ]]; then - echo_block "ERROR: file cfg/SERIAL is missing" - usage - fi - - if [[ -n $PARAM1 ]] && [[ -n $PARAM2 ]]; then - UNIQ_ID="${PARAM2}.${PARAM1}" - if [[ -f "distro/client_${UNIQ_ID}.p12" ]]; then - echo_block "ERROR: certifate <> already exists" - usage - fi - - gen_client $PARAM1 $PARAM2 - else - usage - fi + # uses global variables: $PARAM1 $PARAM2 + check_params + gen_client_cert $PARAM1 $PARAM2 } main diff --git a/src/pki_bootstrap/res/libs/gen_server.sh b/src/pki_bootstrap/res/libs/gen_server.sh index 407dafe..90e7e03 100755 --- a/src/pki_bootstrap/res/libs/gen_server.sh +++ b/src/pki_bootstrap/res/libs/gen_server.sh @@ -3,9 +3,6 @@ # Create Server Certificates # # -# This function will generate a Server cert -# IN: UNIQ_ID, SERIAL -# # source this file to include the functions . cfg/pki_funcs.sh 
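Review bot: The rewritten main in gen_client.sh drops the guard that refused to run when `distro/client_${UNIQ_ID}.p12` already existed, and check_params has no equivalent, so an explicitly passed serial that was already used reaches gen_client_cert again. Whether that overwrites the earlier key and bundle depends on gen_client_cert's body, which is outside this diff, but the script should not allow a second certificate under the same serial silently. I would keep the check after check_params: `if [[ -f "distro/client_${PARAM2}.${PARAM1}.p12" ]]; then echo_block "ERROR: certificate already exists"; usage; fi`. The same guard was removed from main in gen_server.sh.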
@@ -21,40 +18,19 @@ usage() { echo echo echo "Generate a new certificate" - echo " usage: gen_server.sh " + echo " usage: gen_server.sh [Serial #]" echo echo " example: gen_server.sh skunkworks.acme.xyz \\" - echo " 10052 \\" + echo " 10052 (optional) \\" echo exit 1 } main() { - if [[ ! -f cfg/ca-i.crt.pem ]] || [[ ! -f cfg/ca-i.keys.pem ]]; then - echo_block "ERROR: file cfg/ca-i.crt.pem cfg/ca-i.keys.pem is missing" - usage - fi - if [[ ! -f cfg/SERIAL ]]; then - echo_block "ERROR: file cfg/SERIAL is missing" - usage - fi - - if [[ -n $PARAM1 ]] && [[ -n $PARAM2 ]]; then - UNIQ_ID="${PARAM2}.${PARAM1}" - if [[ -f "distro/server_${UNIQ_ID}.p12" ]]; then - echo_block "ERROR: certifate <> already exists" - usage - fi - if [[ ! -f "cfg/${PARAM1}.cnf" ]]; then - echo_block "ERROR: configuration file <> is missing" - usage - fi - - gen_server $PARAM1 $PARAM2 - else - usage - fi + # uses global variables: $PARAM1 $PARAM2 + check_params + gen_server $PARAM1 $PARAM2 } main diff --git a/src/pki_bootstrap/res/libs/pki_funcs.sh b/src/pki_bootstrap/res/libs/pki_funcs.sh index ba901bd..701b83c 100644 --- a/src/pki_bootstrap/res/libs/pki_funcs.sh +++ b/src/pki_bootstrap/res/libs/pki_funcs.sh @@ -6,16 +6,16 @@ # # Set the CA variables # -pki_func_init() { - if [[ -n $1 ]] || [[ -n $2 ]] || [[ -n $3 ]]; then - FQ_CA_CERT=$1 - FQ_CA_KEYS=$2 - CNF_PATH=$3 - APP_INIT=1 - else - APP_INIT=0 - fi -} +# pki_func_init() { +# if [[ -n $1 ]] || [[ -n $2 ]] || [[ -n $3 ]]; then +# FQ_CA_CERT=$1 +# FQ_CA_KEYS=$2 +# CNF_PATH=$3 +# APP_INIT=1 +# else +# APP_INIT=0 +# fi +# } # # print text wrapped in a block 
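Review bot: main in gen_server.sh calls `gen_server $PARAM1 $PARAM2`, but this commit renames that function to `gen_server_cert` in pki_funcs.sh and, unlike gen_client, adds no wrapper under the old name. As far as the diff shows, the script stops with a command-not-found error, and by then check_params may already have advanced cfg/SERIAL. The call should read `gen_server_cert $PARAM1 $PARAM2`, matching the change made in gen_client.sh.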
@@ -27,14 +27,70 @@ echo_block() { echo "***** ***** ***** *****" } +error_no_ca_file() { + echo_block "ERROR: missing ca.crt.pem, ca.keys.pem" + usage +} + # # Grab the latest serial # from the file, auto-increment # get_serial() { - SERIAL=`head "cfg/SERIAL"` + SERIAL=`head cfg/SERIAL` if [[ -z $SERIAL ]]; then SERIAL=11111 echo_block "WARN: no file 'SERIAL' found, using default 11111 as the serial # for CA" + else + PLUS1=$((SERIAL+1)) + echo $PLUS1 > cfg/SERIAL + fi +} + +# +# check the three parameters: $PARAM1, $PARAM2, $PARAM3 +# the parameters are expected to be global +# +check_params() { + if [[ ! -f cfg/ca.keys.pem ]] || [[ ! -f cfg/ca.crt.pem ]]; then + if [[ ! -f cfg/ca-i.keys.pem ]] || [[ ! -f cfg/ca-i.crt.pem ]]; then + echo_block "ERROR: missing ca certificat: cfg/ca.crt.pem, cfg/ca.keys.pem, cfg/ca-i.crt.pem, cfg/ca-i.keys.pem" + usage + fi + fi + + # the parameter must be the URL (not the filename, .cnf) + if [[ -n $PARAM1 ]]; then + if [[ ${PARAM1: -4} == .cnf ]]; then + if [[ ! -f "cfg/${PARAM1}" ]]; then + echo_block "ERROR: file cfg/${PARAM1} is missing" + usage + else + PARAM1=${PARAM1%.*} + fi + else + if [[ ! -f "cfg/${PARAM1}.cnf" ]]; then + echo_block "ERROR: file cfg/${PARAM1}.cnf is missing" + usage + fi + fi + else + usage + fi + + if [[ -z $PARAM2 ]]; then + if [[ ! -f cfg/SERIAL ]]; then + echo_block "ERROR: file cfg/SERIAL is missing" + usage + else + get_serial + PARAM2=$SERIAL + fi + else + SERIAL=$PARAM2 + fi + + if [[ -z $PARAM3 ]]; then + PARAM3=2 fi } 
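Review bot: get_serial feeds the raw contents of cfg/SERIAL into `$((SERIAL+1))` without checking that it is a number, and bash arithmetic expansion treats non-numeric text as an expression to evaluate rather than rejecting it; a leading zero is also read as octal. `head` without `-n 1` returns up to ten lines, so a multi-line file ends up in the serial as well. I would read one line, require `^[0-9]+$`, and increment in base 10, as below. The missing-file branch never writes the file, so every call in a loop hands out 11111 again, and the explicit `$PARAM2` path in check_params gets no numeric check either. src/sandbox/serial.sh repeats the same read-and-increment lines.

```shell
get_serial() {
  SERIAL=$(head -n 1 cfg/SERIAL)
  if [[ -z $SERIAL ]]; then
    # … unchanged: default 11111 and warning …
  elif [[ ! $SERIAL =~ ^[0-9]+$ ]]; then
    echo_block "ERROR: cfg/SERIAL must contain only decimal digits"
    exit 1
  else
    PLUS1=$((10#$SERIAL + 1))
    echo "$PLUS1" > cfg/SERIAL
  fi
}
```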
@@ -82,28 +138,27 @@ gen_ca() { # # INPUT: BASE SERIAL #, LOOP NUM # -# Requires: FQ_CA_CERT, FQ_CA_KEYS -# ca-i_gen_pki() { CDD=`pwd` - ORG_URL=$1 - SERIAL_O=$2 - NUM_CERTS=$(($3-1)) + ORG_URL=$PARAM1 + NUM_CERTS=$(($PARAM3-1)) # create unique directory - UNIQ_ID_CAI="${SERIAL_O}.${ORG_URL}" - mkdir -p "distribution/ca_i_${UNIQ_ID_CAI}" - cd "distribution/ca_i_${UNIQ_ID_CAI}" + UNIQ_ID="${SERIAL}.${ORG_URL}" + mkdir -p "distribution/ca_i_${UNIQ_ID}" # Create CA Intermediate - ca-i_gen_cert $ORG_URL $SERIAL_O + # + ca-i_gen_cert $ORG_URL $SERIAL # create directories, copy files, before generating client/server ca-i_create_shell - __ca-i_gen_client - __ca-i_gen_server + # the client & server applications need to execute in their perspective directories + cd "distribution/ca_i_${UNIQ_ID}" + __ca-i_gen_client +# __ca-i_gen_server # return to last path cd $CDD @@ -120,7 +175,8 @@ __ca-i_gen_client() { cd clients for NUM in $(seq 0 $NUM_CERTS) do - gen_client $ORG_URL $((SERIAL_O+NUM)) + get_serial + gen_client_cert $ORG_URL $SERIAL done cd .. } 
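Review bot: `__ca-i_gen_server` is commented out at the end of ca-i_gen_pki, so a package built by this revision gets the servers/ skeleton from ca-i_create_shell but no server certificates. If that is a debugging leftover it should be restored before merge; otherwise the header comment should say that server certificates are generated on demand. The new `cd "distribution/ca_i_${UNIQ_ID}"` is also unchecked, so a failure leaves `__ca-i_gen_client` running in the parent directory; `cd "distribution/ca_i_${UNIQ_ID}" || exit 1` would stop there. The header still lists `INPUT: BASE SERIAL #, LOOP NUM` although the function now takes its input from `$PARAM1`, `$PARAM3` and `$SERIAL`. The function's closing lines fall outside the hunk.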
@@ -136,11 +192,73 @@ __ca-i_gen_server() { cd servers for NUM in $(seq 0 $NUM_CERTS) do - gen_server $ORG_URL $((SERIAL_O+NUM)) + get_serial + gen_server_cert $ORG_URL $SERIAL done cd .. } +# +# Copies all applcations to the Lifecycle package +# organize the ca-i directory +# order matters: move these files last because they were copied above +# +ca-i_create_shell() { + + DEST_DIR="${CDD}/distribution/ca_i_${UNIQ_ID}" + + echo $UNIQ_ID > UNIQ_ID + + # client + mkdir -p $DEST_DIR/clients/cfg + cp $CDD/res/libs/gen_client.sh $DEST_DIR/clients/ + cp $CDD/res/libs/pki_funcs.sh $DEST_DIR/clients/cfg + cp $CDD/res/docs/README_C $DEST_DIR/clients/README + cp $CDD/res/docs/SERIAL $DEST_DIR/clients/cfg/ + cp "${CDD}/cfg/${ORG_URL}.cnf" $DEST_DIR/clients/cfg/ + # generated files + cp ca_i*.crt.pem $DEST_DIR/clients/cfg/ca-i.crt.pem + cp ca_i*.keys.pem $DEST_DIR/clients/cfg/ca-i.keys.pem + cp ca_cert-chain*.pem $DEST_DIR/clients/cfg/ca_cert-chain.crts.pem + cp UNIQ_ID $DEST_DIR/clients/cfg/ + # cp $DEST_DIR/ca_i*.crt.pem $DEST_DIR/clients/cfg/ca-i.crt.pem + # cp $DEST_DIR/ca_i*.keys.pem $DEST_DIR/clients/cfg/ca-i.keys.pem + # cp $DEST_DIR/ca_cert-chain*.pem $DEST_DIR/clients/cfg/ca_cert-chain.crts.pem + + # server + mkdir -p $DEST_DIR/servers/cfg + cp $CDD/res/libs/gen_server.sh $DEST_DIR/servers/ + cp $CDD/res/libs/pki_funcs.sh $DEST_DIR/servers/cfg/ + cp $CDD/res/docs/README_S $DEST_DIR/servers/README + cp $CDD/res/docs/SERIAL $DEST_DIR/servers/cfg/ + cp "${CDD}/cfg/${ORG_URL}.cnf" $DEST_DIR/servers/cfg/ + # generated files + cp ca_i*.crt.pem $DEST_DIR/servers/cfg/ca-i.crt.pem + cp ca_i*.keys.pem $DEST_DIR/servers/cfg/ca-i.keys.pem + cp ca_cert-chain*.pem $DEST_DIR/servers/cfg/ca_cert-chain.crts.pem + cp UNIQ_ID $DEST_DIR/servers/cfg/ + # cp $DEST_DIR/ca_i*.crt.pem $DEST_DIR/servers/cfg/ca-i.crt.pem + # cp $DEST_DIR/ca_i*.keys.pem $DEST_DIR/servers/cfg/ca-i.keys.pem + # cp $DEST_DIR/ca_cert-chain*.pem $DEST_DIR/servers/cfg/ca_cert-chain.crts.pem + + # CA-I + mkdir -p 
$DEST_DIR/ca-i/data + mkdir -p $DEST_DIR/ca-i/docs + mkdir -p $DEST_DIR/ca-i/distro + cp $CDD/res/docs/README_CAI $DEST_DIR/README + cp $CDD/ca_*/ca_*.crt.pem $DEST_DIR/ca-i/data/ + cp $CDD/ca_*/ca_*.info.txt $DEST_DIR/ca-i/docs/ + # generated files + mv ca_i*.pem $DEST_DIR/ca-i/data/ + mv ca_i*.info.txt $DEST_DIR/ca-i/docs/ + mv ca_i*.p12 $DEST_DIR/ca-i/distro + mv ca_cert-chain*.pem $DEST_DIR/ca-i/distro + # mv $DEST_DIR/ca_i*.pem $DEST_DIR/ca-i/data/ + # mv $DEST_DIR/ca_i*.info.txt $DEST_DIR/ca-i/docs/ + # mv $DEST_DIR/ca_i*.p12 $DEST_DIR/ca-i/distro + # mv $DEST_DIR/ca_cert-chain*.pem $DEST_DIR/ca-i/distro +} + # This function will generate a CA Intermediate # # Requires: CNF file, CA cert, CA key 
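Review bot: ca-i_create_shell seeds clients/cfg/ and servers/cfg/ with the same `res/docs/SERIAL` file, and the generators now draw serials from their local cfg/SERIAL through get_serial, so the client and server counters start at the same value and advance independently. If both sign with the copied `ca-i.keys.pem` (the signing code is outside this diff), one issuer ends up with two certificates under the same serial number. A single counter per intermediate, or disjoint starting ranges for the two copies, would avoid that. The `cp ca_i*.keys.pem …` globs also pick up any leftover ca_i files in the working directory; the exact name `ca_i_${UNIQ_ID}.keys.pem` is available at this point.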
@@ -150,88 +268,56 @@ __ca-i_gen_server() { ca-i_gen_cert() { ORG_URL=$1 SERIAL=$2 + DEST_DIR="." + # DEST_DIR=$3 UNIQ_ID="${SERIAL}.${ORG_URL}" echo_block "Create CA Intermediate (${UNIQ_ID})" - openssl genrsa -out "ca_i_${UNIQ_ID}.keys.pem" 4096 + openssl genrsa -out "${DEST_DIR}/ca_i_${UNIQ_ID}.keys.pem" 4096 # Create Cert Signing Request (CSR) - openssl req -config "${CNF_PATH}/ca.cnf" -new -sha256 \ + openssl req -config "cfg/ca.cnf" -new -sha256 \ -subj "/C=OO/O=ACME/OU=ACME Intermediate/CN=${UNIQ_ID}" \ - -key "ca_i_${UNIQ_ID}.keys.pem" -out "ca_i_${UNIQ_ID}.csr.pem" + -key "${DEST_DIR}/ca_i_${UNIQ_ID}.keys.pem" -out "${DEST_DIR}/ca_i_${UNIQ_ID}.csr.pem" # Create Certificate (valid for ~2 years, after the entire chain of trust expires) # CA signs Intermediate - openssl x509 -req -days 750 -extfile "${CNF_PATH}/ca.cnf" -extensions v3_ca_i \ - -CA $FQ_CA_CERT -CAkey $FQ_CA_KEYS -set_serial ${SERIAL} \ - -in "ca_i_${UNIQ_ID}.csr.pem" -out "ca_i_${UNIQ_ID}.crt.pem" + openssl x509 -req -days 750 -extfile "cfg/ca.cnf" -extensions v3_ca_i \ + -CA cfg/ca.crt.pem -CAkey cfg/ca.keys.pem -set_serial ${SERIAL} \ + -in "${DEST_DIR}/ca_i_${UNIQ_ID}.csr.pem" -out "${DEST_DIR}/ca_i_${UNIQ_ID}.crt.pem" # Package the Certificate Authority Certificates for distro (windoze needs this) - openssl pkcs12 -export -password "pass:password" -inkey "ca_i_${UNIQ_ID}.keys.pem" \ - -name "CA Intermediate Mobile Provision" -certfile $FQ_CA_CERT \ - -in "ca_i_${UNIQ_ID}.crt.pem" -out "ca_i_${UNIQ_ID}.p12" + openssl pkcs12 -export -password "pass:password" -inkey "${DEST_DIR}/ca_i_${UNIQ_ID}.keys.pem" \ + -name "CA Intermediate Mobile Provision" -certfile cfg/ca.crt.pem \ + -in "${DEST_DIR}/ca_i_${UNIQ_ID}.crt.pem" -out "${DEST_DIR}/ca_i_${UNIQ_ID}.p12" # verify certificate (output to text file for review) - openssl x509 -noout -text -in "ca_i_${UNIQ_ID}.crt.pem" > "ca_i_${UNIQ_ID}.crt.info.txt" + openssl x509 -noout -text -in "${DEST_DIR}/ca_i_${UNIQ_ID}.crt.pem" > 
"${DEST_DIR}/ca_i_${UNIQ_ID}.crt.info.txt" # create certifiate chain - cat $FQ_CA_CERT "ca_i_${UNIQ_ID}.crt.pem" > "ca_cert-chain_${UNIQ_ID}.crts.pem" + cat cfg/ca.crt.pem "${DEST_DIR}/ca_i_${UNIQ_ID}.crt.pem" > "${DEST_DIR}/ca_cert-chain_${UNIQ_ID}.crts.pem" } -# -# Copies all applcations to the Lifecycle package -# organize the ca-i directory -# order matters: move these files last because they were copied above -# -ca-i_create_shell() { +get_org_url() { + ORG_URL=`head cfg/UNIQ_ID` + if [[ -z $ORG_URL ]]; then + echo_block "WARN: no file 'UNIQ_ID' found, using default 11111 as the serial # for CA" + exit 1 + fi +} - DEST_DIR="${CDD}/distribution/ca_i_${UNIQ_ID_CAI}" - - # client - mkdir -p clients/cfg - cp $CDD/res/libs/gen_client.sh $DEST_DIR/clients/ - cp $CDD/res/libs/pki_funcs.sh $DEST_DIR/clients/cfg - cp $CDD/res/docs/README_C $DEST_DIR/clients/README - cp $CDD/res/docs/SERIAL $DEST_DIR/clients/cfg/ - cp "${CDD}/cfg/${ORG_URL}.cnf" $DEST_DIR/clients/cfg/ - # generated files - cp $DEST_DIR/ca_i*.crt.pem $DEST_DIR/clients/cfg/ca-i.crt.pem - cp $DEST_DIR/ca_i*.keys.pem $DEST_DIR/clients/cfg/ca-i.keys.pem - cp $DEST_DIR/ca_cert-chain*.pem $DEST_DIR/clients/cfg/ca_cert-chain.crts.pem - - # server - mkdir -p servers/cfg - cp $CDD/res/libs/gen_server.sh $DEST_DIR/servers/ - cp $CDD/res/libs/pki_funcs.sh $DEST_DIR/servers/cfg/ - cp $CDD/res/docs/README_S $DEST_DIR/servers/README - cp $CDD/res/docs/SERIAL $DEST_DIR/servers/cfg/ - cp "${CDD}/cfg/${ORG_URL}.cnf" $DEST_DIR/servers/cfg/ - # generated files - cp $DEST_DIR/ca_i*.crt.pem $DEST_DIR/servers/cfg/ca-i.crt.pem - cp $DEST_DIR/ca_i*.keys.pem $DEST_DIR/servers/cfg/ca-i.keys.pem - cp $DEST_DIR/ca_cert-chain*.pem $DEST_DIR/servers/cfg/ca_cert-chain.crts.pem - - # CA-I - mkdir -p ca-i/data - mkdir -p ca-i/docs - mkdir -p ca-i/distro - cp $CDD/res/docs/README_CAI $DEST_DIR/README - cp $CDD/ca_*/ca_*.crt.pem $DEST_DIR/ca-i/data/ - cp $CDD/ca_*/ca_*.info.txt $DEST_DIR/ca-i/docs/ - # generated files - mv 
$DEST_DIR/ca_i*.pem $DEST_DIR/ca-i/data/ - mv $DEST_DIR/ca_i*.info.txt $DEST_DIR/ca-i/docs/ - mv $DEST_DIR/ca_i*.p12 $DEST_DIR/ca-i/distro - mv $DEST_DIR/ca_cert-chain*.pem $DEST_DIR/ca-i/distro +gen_client() { + get_org_url + get_client_cert $ORG_URL $SERIAL } # # Generate a Client Certificate -# IN: UNIQ_ID, UNIQ_ID_CAI, SERIAL +# IN: UNIQ_ID, SERIAL # -gen_client() { +gen_client_cert() { ORG_URL=$1 SERIAL=$2 @@ -261,9 +347,9 @@ gen_client() { # # Generate a Server Certificate -# IN: UNIQ_ID, UNIQ_ID_CA, SERIAL +# IN: UNIQ_ID, SERIAL # -gen_server() { +gen_server_cert() { ORG_URL=$1 SERIAL=$2 diff --git a/src/sandbox/SERIAL b/src/sandbox/SERIAL new file mode 100644 index 0000000..48ad625 --- /dev/null +++ b/src/sandbox/SERIAL @@ -0,0 +1 @@ +2010 diff --git a/src/sandbox/serial.sh b/src/sandbox/serial.sh new file mode 100755 index 0000000..1c94a11 --- /dev/null +++ b/src/sandbox/serial.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +SERIAL=`head SERIAL` +if [[ -z $SERIAL ]]; then + SERIAL=11111 + echo_block "WARN: no file 'SERIAL' found, using default 11111 as the serial # for CA" +else + PLUS1=$((SERIAL+1)) + echo $PLUS1 > SERIAL +fi +
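Review bot: The PKCS#12 export in ca-i_gen_cert still bundles the intermediate's private key (`-inkey …keys.pem`) under the literal password `pass:password`, and ca-i_create_shell then moves that file into ca-i/distro. If the bundle is only meant to install the chain on devices, export it with `-nokeys`. If the key has to travel, take the password from outside the script, for example `-password env:P12_PASSWORD` (placeholder variable name). Further down, the new `gen_client` wrapper calls `get_client_cert`, which nothing in this diff defines; `gen_client_cert` is presumably meant (its body continues past the hunk). `get_org_url` reads cfg/UNIQ_ID, which ca-i_create_shell writes as `${SERIAL}.${ORG_URL}`, so ORG_URL would carry the serial prefix, and its warning text still refers to the serial file.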