-rwxr-xr-x | sign-request.in | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/sign-request.in b/sign-request.in
index 89912b4..db944e4 100755
--- a/sign-request.in
+++ b/sign-request.in
@@ -95,7 +95,13 @@ while read -r csr; do
 rm "${csr_local}"
 continue
 fi
- openssl req -x509 -key "${key_dir}/${ca_name}.key.new" -in "${csr_local}" -out "${csr_local%.csr}.crt" -addext 'basicConstraints = critical, CA:false'
+ if [ ! -f "${key_dir}/${ca_name}.key" ] \
+ || [ $((2*$(date +%s) + $(stat -c%Y "${key_dir}/${ca_name}.key"))) -gt 3*$(stat -c%Y "${key_dir}/${ca_name}.key.new"))) ]; then
+ key_to_use="${key_dir}/${ca_name}.key.new"
+ else
+ key_to_use="${key_dir}/${ca_name}.key"
+ fi
+ openssl req -x509 -key "${key_to_use}" -in "${csr_local}" -out "${csr_local%.csr}.crt" -addext 'basicConstraints = critical, CA:false'
 rm "${csr_local}"
 done |
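Review bot: The second test of the added `if` has unbalanced parentheses as shown here: `-gt 3*$(stat -c%Y "${key_dir}/${ca_name}.key.new")))` closes an arithmetic expansion that was never opened, so the shell should reject the line, and `[ … -gt` would not evaluate a bare `3*…` operand in any case. It should read `-gt $((3*$(stat -c%Y "${key_dir}/${ca_name}.key.new"))) ]; then`. The rule also deserves a comment above the `if`, for example `# use the new CA key once its age exceeds half the gap between the old and new key mtimes`, because the choice of signing key now rests entirely on file mtimes, and a copy or restore that resets them would silently change which key signs. The enclosing `while read` loop starts outside the hunk.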