adding intermediate CA signing capability.

.gitignore

@@ -1,3 +1,5 @@
 *.key
 *.crt
 *.pem
+*.csr
+*.srl

issue-root.sh

@@ -1,7 +1,5 @@
 #!/bin/sh
 
-ECDSA_OPTS="-newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -sha384"
-
 
 while getopts ":ht:d:n:s:" opt; do
   case $opt in

pki.cnf

@@ -0,0 +1,5 @@
+[v3_intermediate_ca]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign

sign-inter.sh

@@ -0,0 +1,26 @@
+#!/bin/sh
+
+
+while getopts ":hn:a:d:" opt; do
+  case $opt in
+    h)
+      echo "Usage:  -n <name> -a <CA authority> -d <days>"
+      exit 0
+      ;;
+    n)
+      NAME_OPT=(-in "$OPTARG".csr -out "$OPTARG".crt)
+      ;;
+    a)
+      AUTHORITY_OPT=(-CA $OPTARG.crt -CAkey $OPTARG.key)
+      ;;
+    d)
+      DAYS_OPT="-days $OPTARG"
+      ;;
+    \?)
+      echo "Invalid option: -$OPTARG" >&2
+      exit 1
+      ;;
+  esac
+done
+
+openssl x509 -req -sha256 $DAYS_OPT "${NAME_OPT[@]}" "${AUTHORITY_OPT[@]}" -extfile pki.cnf -extensions v3_intermediate_ca