-rw-r--r-- | etc/ca-ssl.conf.in | 2 | ||||
-rwxr-xr-x | sign-ca.in | 8 | ||||
-rwxr-xr-x | sign-request.in | 2 |
3 files changed, 7 insertions, 5 deletions
diff --git a/etc/ca-ssl.conf.in b/etc/ca-ssl.conf.in index d0a66a3..ad92ff5 100644 --- a/etc/ca-ssl.conf.in +++ b/etc/ca-ssl.conf.in @@ -27,7 +27,7 @@ req_extensions = ca_reqext # Desired extensions 1.domainComponent = "eckner" organizationName = "Eckner Net" organizationalUnitName = "Eckner Net CA" -commonName = Eckner Net ${ENV::CA} CA +commonName = Eckner Net ${ENV::CA_TYPE} CA [ ca_reqext ] keyUsage = critical,keyCertSign,cRLSign @@ -68,23 +68,23 @@ fi level_ground_for_new_ca 'signing-ca' -CA=root-ca openssl req -new \ +CA=root-ca CA_TYPE='Root' openssl req -new \ -config '#ETCDIR#/simple-pki/ca-ssl.conf' \ -out '#ETCDIR#/simple-pki/ca/root-ca.csr' \ -keyout '#ETCDIR#/simple-pki/ca/root-ca/private/root-ca.key' -CA=root-ca openssl ca -batch -name root_ca -selfsign \ +CA=root-ca CA_TYPE='Root' openssl ca -batch -name root_ca -selfsign \ -config '#ETCDIR#/simple-pki/ca-ssl.conf' \ -in '#ETCDIR#/simple-pki/ca/root-ca.csr' \ -out '#ETCDIR#/simple-pki/ca/root-ca.crt' \ -extensions root_ca_ext -CA=signing-ca openssl req -new \ +CA=signing-ca CA_TYPE='Intermediate' openssl req -new \ -config '#ETCDIR#/simple-pki/ca-ssl.conf' \ -out '#ETCDIR#/simple-pki/ca/signing-ca.csr' \ -keyout '#ETCDIR#/simple-pki/ca/signing-ca/private/signing-ca.key' -CA=root-ca openssl ca -batch -name root_ca \ +CA=root-ca CA_TYPE='Root' openssl ca -batch -name root_ca \ -config '#ETCDIR#/simple-pki/ca-ssl.conf' \ -in '#ETCDIR#/simple-pki/ca/signing-ca.csr' \ -out '#ETCDIR#/simple-pki/ca/signing-ca.crt' \ diff --git a/sign-request.in b/sign-request.in index 0185cf4..331815f 100755 --- a/sign-request.in +++ b/sign-request.in @@ -14,6 +14,8 @@ remove_leading_spaces() { ' } +export CA_TYPE='Intermediate' + if [ -f '#ETCDIR#/simple-pki/ca/root-ca.old.crt' ] \ && [ "$(stat -c%Y '#ETCDIR#/simple-pki/ca/root-ca.old.crt')" -ge "$(($(date +%s)-60*60*24*ca_min_duration))" ]; then export CA=signing-ca.old |
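Review bot: `${ENV::CA_TYPE}` in `commonName` makes this file fail to load whenever CA_TYPE is absent from the environment, because OpenSSL stops parsing on an `ENV::` reference that has neither an environment value nor a fallback defined in the default section. This commit sets the variable in sign-ca.in and sign-request.in; any other caller of ca-ssl.conf that is not part of this diff would need it as well. The value also goes unchecked into the CA subject, so a comment above the line stating the contract would help, e.g. `# CA_TYPE is supplied by the calling script: 'Root' or 'Intermediate'`. The section this line belongs to starts outside the hunk.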
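Review bot: The fourth command pairs `CA_TYPE='Root'` with the signing of `signing-ca.csr`, which reads as if the intermediate were being labelled a root. No `-subj` is visible on the `openssl ca` calls, so the issued subject presumably comes from the CSR and the variable is there only so the config parses; a comment such as `# CA_TYPE is required only for ca-ssl.conf to load; the issued subject comes from the CSR` would make that explicit. Since `openssl ca -batch` signs without a confirmation prompt, a mismatched `CA`/`CA_TYPE` pair on one of the `openssl req -new` calls would go into the CA's common name unreviewed, so deriving `CA_TYPE` from `CA` in one place may be safer than repeating the pair four times. The last command continues past the end of the hunk.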
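Review bot: The new `export CA_TYPE='Intermediate'` has no comment and is scoped differently from sign-ca.in, which sets the variable per `openssl` command rather than exporting it for the rest of the script. A line such as `# the openssl config expands ${ENV::CA_TYPE}; requests are always signed by the signing CA` would record why it is needed. Which config file this script loads is not visible in the hunk, so the wording should be confirmed against it. The `if` that follows continues outside the hunk.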