@tomasklapka
Last active October 5, 2019 12:06
WebID generation bash script (requires openssl)
#!/bin/bash
# Generate an RSA key pair, a self-signed WebID certificate and a PKCS#12 bundle.
BITS=2048
DIR=./out

# Private key material is written below: restrict new files to the owner.
umask 077

# The certificate extensions are read from a [ webid_generator ] section that
# must already exist in the system-wide OpenSSL configuration.
if grep -q 'webid_generator' /etc/ssl/openssl.cnf; then
    echo "WEBID_GEN: Found webid_generator configuration section in /etc/ssl/openssl.cnf"
else
    # Note: the suggested section marks the certificate as a CA (CA:TRUE,
    # keyCertSign) and enables every extended key usage, which is broader
    # than a client authentication certificate needs.
    echo "WEBID_GEN: Section webid_generator is missing in /etc/ssl/openssl.cnf. Add this configuration section manually:
[ webid_generator ]
basicConstraints = CA:TRUE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyCertSign
extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection, timeStamping
nsCertType = client, server, email, objsign, sslCA, emailCA, objCA
subjectAltName=URI:https://example.com/profile/card\#me # update this with your WebID URI (escape # as \#)
subjectKeyIdentifier=hash
"
    exit 1
fi

# create output directory if it does not exist
mkdir -p "$DIR"

# create private key id_rsa
echo "WEBID_GEN: Generating rsa key"
openssl genpkey -algorithm RSA -out "$DIR/id_rsa" -pkeyopt "rsa_keygen_bits:$BITS"

# extract public key id_rsa.pub
echo "WEBID_GEN: Extracting rsa public key"
openssl rsa -in "$DIR/id_rsa" -out "$DIR/id_rsa.pub" -outform PEM -pubout

# create WebID certificate id_rsa.cer
# -key signs with the key generated above, so the original -newkey (ignored
# when -key is given) and -nodes (no key is written here) are dropped.
echo "WEBID_GEN: Creating x509 webid certificate"
openssl req -new -x509 -key "$DIR/id_rsa" -days 3650 -out "$DIR/id_rsa.cer" -extensions webid_generator

# convert certificate and key to pkcs12 (for import to browser) id_rsa.p12
echo "WEBID_GEN: Create pkcs12 key store for browser import"
openssl pkcs12 -export -out "$DIR/id_rsa.p12" -in "$DIR/id_rsa.cer" -inkey "$DIR/id_rsa"
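
Added example (not part of the original gist or of the generators linked below): the same certificate built from a throwaway config passed with -config, so /etc/ssl/openssl.cnf is not edited and no root access is needed. It goes beyond the script above by issuing a non-CA, client-auth-only certificate and reading the WebID URI back from the result; the function names, the [ webid ] section, the CN value and the extension choices are assumptions of this example.

```bash
#!/bin/bash
# Added example, not the gist author's code. Function names, the [ webid ]
# section and the CN are choices made for this illustration.
set -eu

# gen_webid_cert <webid-uri> <common-name> <outdir> [bits]
# Runs in a subshell "( ... )" so umask and variables do not leak to the caller.
gen_webid_cert() (
    uri=$1; cn=$2; dir=$3; bits=${4:-2048}
    umask 077                                   # key, cert and config: owner only
    mkdir -p "$dir"
    cnf=$(mktemp)
    # '#' starts a comment in OpenSSL config files, so escape it as '\#'.
    esc=$(printf '%s' "$uri" | sed 's/#/\\#/g')
    cat > "$cnf" <<EOF
[ req ]
distinguished_name = dn
prompt             = no
x509_extensions    = webid
[ dn ]
CN = $cn
[ webid ]
basicConstraints     = critical, CA:FALSE
keyUsage             = digitalSignature
extendedKeyUsage     = clientAuth
subjectAltName       = URI:$esc
subjectKeyIdentifier = hash
EOF
    openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$bits" -out "$dir/id_rsa"
    # -config points at the private file; the system openssl.cnf is never touched.
    openssl req -new -x509 -key "$dir/id_rsa" -days 3650 \
        -config "$cnf" -out "$dir/id_rsa.cer"
    rm -f "$cnf"
)

# Print the URI subjectAltName stored in a certificate (first URI on the line).
cert_webid_uri() {
    openssl x509 -in "$1" -noout -text | sed -n 's/^ *URI:\([^ ,]*\).*$/\1/p'
}

# Usage: ./webid.sh <webid-uri> <common-name> [outdir]
if [ "$#" -ge 2 ]; then
    out=${3:-./out}
    gen_webid_cert "$1" "$2" "$out"
    echo "WebID in certificate: $(cert_webid_uri "$out/id_rsa.cer")"
fi
```

The PKCS#12 export step from the script above works unchanged on the two files this produces.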
@tomasklapka
Author

Oh, I just found another generator. And it does not require updating /etc/ssl/openssl.conf as root :)
https://gist.github.com/njh/2432427

@njh

njh commented Sep 13, 2018

And now in a proper git repo: https://github.com/njh/gen-webid-cert
