generate-eidas-materials-ca.sh
#!/bin/bash
###########################################################
# Script to generate an eIDAS Root CA.
###########################################################
# See https://enablebanking.com/blog/2020/01/13/how-to-generate-eidas-certificate/
# See https://stackoverflow.com/a/57013577
# See https://blogg.bekk.no/how-to-sign-a-certificate-request-with-openssl-e046c933d3ae
# CA definition file "eidas-ca.conf" is in the "/tools/misc" folder
# Require the CA subject string as the first argument; without it, print the
# usage text and stop with exit status 1.
if (( $# < 1 )); then
  prog=$(basename "$0")
  printf '%s\n' \
    "Usage:" \
    " $prog [CA_SUBJECT_STRING]" \
    "" \
    "Call example:" \
    " $prog '/C=US/ST=Utah/L=Lehi/O=Your Company, Inc./OU=IT/CN=yourdomain.com'"
  exit 1
fi
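# Create a fresh "eidas-ca" working directory, generate the CA private key and
# a self-signed root certificate whose subject is the script's first argument.
echo "[+] Generate eIDAS CA materials..."
# The directory will hold the CA private key: restrict everything created from
# here on to the current user.
umask 077
# NOTE: this wipes the output of any previous run, CA private key included.
rm -rf -- eidas-ca 2>/dev/null
mkdir eidas-ca || { echo "[!] Cannot create the eidas-ca directory" >&2; exit 1; }
# Stop if the directory cannot be entered, so nothing is written elsewhere.
cd eidas-ca || { echo "[!] Cannot enter the eidas-ca directory" >&2; exit 1; }
# CA database layout (certs folder, index, serial) - presumably the files
# that eidas-ca.conf points at; confirm against that file.
mkdir ca.db.certs || exit 1
touch ca.db.index || exit 1
echo "1234" > ca.db.serial || exit 1
# 4096-bit RSA key, passphrase-protected with AES-256 instead of the legacy
# 3DES cipher; openssl prompts for the passphrase interactively.
openssl genrsa -aes256 -out eidas-ca-private.pem 4096 \
  || { echo "[!] CA private key generation failed" >&2; exit 1; }
# Self-signed root certificate valid for 1825 days. -nodes only concerns keys
# that "req" creates itself; the key passed with -key stays encrypted on disk.
openssl req -x509 -new -nodes -key eidas-ca-private.pem -sha256 -days 1825 -out eidas-ca-cert.pem -subj "$1" \
  || { echo "[!] CA certificate generation failed" >&2; exit 1; }
echo "[+] eIDAS CA:"
cd .. || exit 1
ls -rtl eidas-ca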