summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--etc/ca-ssl.conf.in2
-rwxr-xr-xsign-ca.in8
-rwxr-xr-xsign-request.in2
3 files changed, 7 insertions, 5 deletions
diff --git a/etc/ca-ssl.conf.in b/etc/ca-ssl.conf.in
index d0a66a3..ad92ff5 100644
--- a/etc/ca-ssl.conf.in
+++ b/etc/ca-ssl.conf.in
@@ -27,7 +27,7 @@ req_extensions = ca_reqext # Desired extensions
1.domainComponent = "eckner"
organizationName = "Eckner Net"
organizationalUnitName = "Eckner Net CA"
-commonName = Eckner Net ${ENV::CA} CA
+commonName = Eckner Net ${ENV::CA_TYPE} CA
[ ca_reqext ]
keyUsage = critical,keyCertSign,cRLSign
diff --git a/sign-ca.in b/sign-ca.in
index 4448be4..7a66437 100755
--- a/sign-ca.in
+++ b/sign-ca.in
@@ -68,23 +68,23 @@ fi
level_ground_for_new_ca 'signing-ca'
-CA=root-ca openssl req -new \
+CA=root-ca CA_TYPE='Root' openssl req -new \
-config '#ETCDIR#/simple-pki/ca-ssl.conf' \
-out '#ETCDIR#/simple-pki/ca/root-ca.csr' \
-keyout '#ETCDIR#/simple-pki/ca/root-ca/private/root-ca.key'
-CA=root-ca openssl ca -batch -name root_ca -selfsign \
+CA=root-ca CA_TYPE='Root' openssl ca -batch -name root_ca -selfsign \
-config '#ETCDIR#/simple-pki/ca-ssl.conf' \
-in '#ETCDIR#/simple-pki/ca/root-ca.csr' \
-out '#ETCDIR#/simple-pki/ca/root-ca.crt' \
-extensions root_ca_ext
-CA=signing-ca openssl req -new \
+CA=signing-ca CA_TYPE='Intermediate' openssl req -new \
-config '#ETCDIR#/simple-pki/ca-ssl.conf' \
-out '#ETCDIR#/simple-pki/ca/signing-ca.csr' \
-keyout '#ETCDIR#/simple-pki/ca/signing-ca/private/signing-ca.key'
-CA=root-ca openssl ca -batch -name root_ca \
+CA=root-ca CA_TYPE='Root' openssl ca -batch -name root_ca \
-config '#ETCDIR#/simple-pki/ca-ssl.conf' \
-in '#ETCDIR#/simple-pki/ca/signing-ca.csr' \
-out '#ETCDIR#/simple-pki/ca/signing-ca.crt' \
diff --git a/sign-request.in b/sign-request.in
index 0185cf4..331815f 100755
--- a/sign-request.in
+++ b/sign-request.in
@@ -14,6 +14,8 @@ remove_leading_spaces() {
'
}
+export CA_TYPE='Intermediate'
+
if [ -f '#ETCDIR#/simple-pki/ca/root-ca.old.crt' ] \
&& [ "$(stat -c%Y '#ETCDIR#/simple-pki/ca/root-ca.old.crt')" -ge "$(($(date +%s)-60*60*24*ca_min_duration))" ]; then
export CA=signing-ca.old