author | Erich Eckner <git@eckner.net> | 2019-09-01 23:15:54 +0200 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2019-09-01 23:15:54 +0200 |
commit | f46afcd7a0cd2f38a99b24257fcfb218f6bfa1fe (patch) | |
tree | 56512468e68b24a54f9053c1fd78f6e64bcaf4ec | |
parent | 4a7ae1a8d38cb99f3b4decaffc8f15573ebb840e (diff) | |
download | simple-pki-f46afcd7a0cd2f38a99b24257fcfb218f6bfa1fe.tar.xz |
sign-request.in: set correct issuer
-rwxr-xr-x | sign-request.in | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/sign-request.in b/sign-request.in
index e64ed93..6266e45 100755
--- a/sign-request.in
+++ b/sign-request.in
@@ -98,10 +98,18 @@ while read -r csr; do
 if [ ! -f "${key_dir}/${ca_name}.key" ] \
 || [ $((2*$(date +%s) + $(stat -c%Y "${key_dir}/${ca_name}.key"))) -gt 3*$(stat -c%Y "${key_dir}/${ca_name}.key.new"))) ]; then
 key_to_use="${key_dir}/${ca_name}.key.new"
+ crt_to_use="${key_dir}/${ca_name}.crt.new"
 else
 key_to_use="${key_dir}/${ca_name}.key"
+ crt_to_use="${key_dir}/${ca_name}.crt"
 fi
- openssl req -x509 -key "${key_to_use}" -in "${csr_local}" -out "${csr_local%.csr}.crt" -addext 'basicConstraints = critical, CA:false'
+ openssl x509 -req \
+ -CAkey "${key_to_use}" \
+ -CA "${crt_to_use}" \
+ -CAserial "${key_dir}/${ca_name}.srl" \
+ -CAcreateserial \
+ -in "${csr_local}" \
+ -out "${csr_local%.csr}.crt"
 rm "${csr_local}"
 done |
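Review bot: The new `openssl x509 -req` call no longer sets `basicConstraints = critical, CA:false`, which the removed `openssl req -x509` line supplied through `-addext`; `x509 -req` does not copy extensions from the CSR by default and adds basicConstraints only when given an extension file, so the issued certificate is no longer explicitly marked as a non-CA leaf. I would restore the constraint by adding `-extfile "${ext_file}" \` to the option list, where `ext_file` (a placeholder name, not a variable on this page) points to a file containing the line `basicConstraints = critical, CA:false`. That file is also the place to set keyUsage or subjectAltName under the CA's control rather than trusting what the requester put in the CSR. Separately, `rm "${csr_local}"` runs even when signing fails unless the script enables `set -e`; the `while read -r csr` loop starts above this hunk, so that cannot be confirmed from here.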