author | Erich Eckner <git@eckner.net> | 2019-08-29 13:38:11 +0200 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2019-08-29 13:38:11 +0200 |
commit | 84b7e63a9a70f6b774e8f778effc5633e900bf5c (patch) | |
tree | 0c9c5ec3fd84d0614dbd8c267e66e7ebf76f1051 | |
parent | 0f6b01ed8265ddd01687ff8b50de52be8fcf97c0 (diff) | |
download | simple-pki-84b7e63a9a70f6b774e8f778effc5633e900bf5c.tar.xz |
sign-request: sign with old or new key depending on date
-rwxr-xr-x | sign-request.in | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/sign-request.in b/sign-request.in
index 89912b4..db944e4 100755
--- a/sign-request.in
+++ b/sign-request.in
@@ -95,7 +95,13 @@ while read -r csr; do
 rm "${csr_local}"
 continue
 fi
- openssl req -x509 -key "${key_dir}/${ca_name}.key.new" -in "${csr_local}" -out "${csr_local%.csr}.crt" -addext 'basicConstraints = critical, CA:false'
+ if [ ! -f "${key_dir}/${ca_name}.key" ] \
+ || [ $((2*$(date +%s) + $(stat -c%Y "${key_dir}/${ca_name}.key"))) -gt 3*$(stat -c%Y "${key_dir}/${ca_name}.key.new"))) ]; then
+ key_to_use="${key_dir}/${ca_name}.key.new"
+ else
+ key_to_use="${key_dir}/${ca_name}.key"
+ fi
+ openssl req -x509 -key "${key_to_use}" -in "${csr_local}" -out "${csr_local%.csr}.crt" -addext 'basicConstraints = critical, CA:false'
 rm "${csr_local}"
 done
|
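Review bot: The second test of the added `if` has unbalanced parentheses: the right-hand operand `3*$(stat -c%Y "${key_dir}/${ca_name}.key.new")))` closes an arithmetic expansion that was never opened, so the shell should reject the line, and `[ ... -gt` could not evaluate a bare `3*N` in any case. Open the expansion on that side as well: `-gt $((3*$(stat -c%Y "${key_dir}/${ca_name}.key.new"))) ]; then`. Because this condition decides which CA key signs the request, it deserves a one-line comment stating the rule; as written it appears to mean `# use the new key once its age exceeds half the gap between the old and new key mtimes`. The rule depends on file modification times, which copying or restoring the key files would change, and it assumes `.key.new` exists whenever `.key` does. The enclosing `while read -r csr` loop starts outside the hunk.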