-rwxr-xr-xsign-ca.in19
1 files changed, 17 insertions, 2 deletions
diff --git a/sign-ca.in b/sign-ca.in
index cae09f2..9752464 100755
--- a/sign-ca.in
+++ b/sign-ca.in
@@ -28,16 +28,31 @@ fi
if [ ! -f "${key_dir}/${ca_name}.key.new" ] \
|| [ ! -f "${key_dir}/${ca_name}.crt.new" ]; then
- openssl req -x509 -new \
+ openssl req -new \
-newkey rsa:4096 -sha256 \
-keyout "${key_dir}/${ca_name}.key.new" \
+ -out "${key_dir}/${ca_name}.csr.new" \
+ -nodes \
+ -subj "${ca_subject_prefix}"'/CN=Certification Authority' \
+ -addext 'subjectKeyIdentifier = hash' \
+ -addext 'basicConstraints = critical, CA:true' \
+ -addext 'keyUsage = keyCertSign, cRLSign'
+ if [ -f "${key_dir}/${ca_name}.key" ]; then
+ previous_key="${key_dir}/${ca_name}.key"
+ else
+ previous_key="${key_dir}/${ca_name}.key.new"
+ fi
+ openssl req -x509 \
+ -sha256 \
+ -in "${key_dir}/${ca_name}.csr.new" \
+ -key "${previous_key}" \
-out "${key_dir}/${ca_name}.crt.new" \
-days 365 -nodes \
- -subj "${ca_subject}"'/CN=Certification Authority' \
-addext 'subjectKeyIdentifier = hash' \
-addext 'authorityKeyIdentifier = keyid:always, issuer' \
-addext 'basicConstraints = critical, CA:true' \
-addext 'keyUsage = keyCertSign, cRLSign'
+ rm "${key_dir}/${ca_name}.csr.new"
fi
rsync --ignore-missing-args \