init

#!/bin/sh
## Creates the skeleton of the CA and the private key and the self signed 
## certificate of the CA.

export CADIR="./CA"

if [ -f $CADIR/key.pem ]; then
    >&2 echo "The CA is already initialized!"
    exit 1
fi

mkdir $CADIR
mkdir certs
touch $CADIR/index
touch $CADIR/index.attr
echo "01" > $CADIR/serial
echo "01" > $CADIR/crlnumber

# Create the private key of the CA.
openssl ecparam -out $CADIR/key.pem -name prime256v1 -genkey

# Create the certificate request.
openssl req -new -sha256 -key $CADIR/key.pem -out $CADIR/csr.pem

# Create the self signed certificate.
openssl x509 -req -sha256 -in $CADIR/csr.pem -signkey $CADIR/key.pem -out $CADIR/crt.pem

# Delete the certificate request file, not needed anymore.
rm $CADIR/csr.pem

# Create the initial empty CRL
openssl ca -config CA.conf -gencrl -out $CADIR/crl.pem