authorErich Eckner <git@eckner.net>2019-08-29 13:38:11 +0200
committerErich Eckner <git@eckner.net>2019-08-29 13:38:11 +0200
commit84b7e63a9a70f6b774e8f778effc5633e900bf5c (patch)
tree0c9c5ec3fd84d0614dbd8c267e66e7ebf76f1051
parent0f6b01ed8265ddd01687ff8b50de52be8fcf97c0 (diff)
downloadsimple-pki-84b7e63a9a70f6b774e8f778effc5633e900bf5c.tar.xz
sign-request: sign with old or new key depending on date
-rwxr-xr-xsign-request.in8
1 files changed, 7 insertions, 1 deletions
diff --git a/sign-request.in b/sign-request.in
index 89912b4..db944e4 100755
--- a/sign-request.in
+++ b/sign-request.in
@@ -95,7 +95,13 @@ while read -r csr; do
rm "${csr_local}"
continue
fi
- openssl req -x509 -key "${key_dir}/${ca_name}.key.new" -in "${csr_local}" -out "${csr_local%.csr}.crt" -addext 'basicConstraints = critical, CA:false'
+ if [ ! -f "${key_dir}/${ca_name}.key" ] \
+ || [ $((2*$(date +%s) + $(stat -c%Y "${key_dir}/${ca_name}.key"))) -gt 3*$(stat -c%Y "${key_dir}/${ca_name}.key.new"))) ]; then
+ key_to_use="${key_dir}/${ca_name}.key.new"
+ else
+ key_to_use="${key_dir}/${ca_name}.key"
+ fi
+ openssl req -x509 -key "${key_to_use}" -in "${csr_local}" -out "${csr_local%.csr}.crt" -addext 'basicConstraints = critical, CA:false'
rm "${csr_local}"
done
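Review bot: The second test of the added `if` has unbalanced parentheses: the right-hand operand `3*$(stat -c%Y "${key_dir}/${ca_name}.key.new")))` closes an arithmetic expansion that was never opened, so the shell should reject the line with a syntax error instead of choosing a key. It should read `-gt $((3*$(stat -c%Y "${key_dir}/${ca_name}.key.new"))) ]`. Separately, the choice of signing key rests on file modification times, which change on `touch`, on a copy without preserved timestamps, or on a restore from backup, and the `.key`-missing branch uses `.key.new` without checking that it exists. A comment such as `# switch to the new key once half the interval between the two keys' mtimes has passed since the new key was written` would document the formula, and an explicitly recorded switch-over date would be sturdier than mtimes. The enclosing `while read -r csr` loop starts outside the hunk.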