Diffstat (limited to 'sign-ca.in')
-rwxr-xr-xsign-ca.in26
1 files changed, 26 insertions, 0 deletions
diff --git a/sign-ca.in b/sign-ca.in
index 25d1a98..f000dc3 100755
--- a/sign-ca.in
+++ b/sign-ca.in
@@ -20,6 +20,19 @@ if [ -f '#ETCDIR#/simple-pki/ca/root-ca.crt' ]; then
mv \
'#ETCDIR#/simple-pki/ca/root-ca.crt' \
'#ETCDIR#/simple-pki/ca/root-ca.crt.old'
+ rm -rf --one-file-system \
+ '#ETCDIR#/simple-pki/ca/root-ca.old'
+ mv \
+ '#ETCDIR#/simple-pki/ca/root-ca' \
+ '#ETCDIR#/simple-pki/ca/root-ca.old'
+ install -d -m0755 '#ETCDIR#/simple-pki/ca/root-ca/db'
+ install -d -m0700 '#ETCDIR#/simple-pki/ca/root-ca/private'
+ touch \
+ '#ETCDIR#/simple-pki/ca/root-ca/db/root-ca.db' \
+ '#ETCDIR#/simple-pki/ca/root-ca/db/root-ca.db.attr'
+ echo '01' \
+ |tee '#ETCDIR#/simple-pki/ca/root-ca/db/root-ca.crt.srl' \
+ >'#ETCDIR#/simple-pki/ca/root-ca/db/root-ca.crl.srl'
else
>&2 echo 'nothing to do: "old" root certificate is too new'
exit
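Review bot: The rotation steps added after the `mv` of `root-ca.crt` are not checked, so a failed `rm -rf --one-file-system` or `mv` of the `root-ca` directory still lets the later lines run, unless the script sets `set -e` somewhere outside this hunk. In that case `touch` leaves the existing `root-ca.db` index untouched while `echo '01' | tee` rewrites both `.srl` files, so the live CA would restart at serial 01 against an index that already lists issued certificates; and if `root-ca.old` survives the `rm`, `mv` places the directory inside it instead of replacing it. I would stop on the first failure, e.g. `mv '#ETCDIR#/simple-pki/ca/root-ca' '#ETCDIR#/simple-pki/ca/root-ca.old' || exit 1`, and add a comment above the block such as `# rotate CA state: the previous root-ca directory is kept as root-ca.old until the next rotation`. The same applies to the `signing-ca` lines in the second hunk. The enclosing `if` block starts and ends outside this hunk.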
@@ -30,6 +43,19 @@ if [ -f '#ETCDIR#/simple-pki/ca/signing-ca.crt' ]; then
mv \
'#ETCDIR#/simple-pki/ca/signing-ca.crt' \
'#ETCDIR#/simple-pki/ca/signing-ca.crt.old'
+ rm -rf --one-file-system \
+ '#ETCDIR#/simple-pki/ca/signing-ca.old'
+ mv \
+ '#ETCDIR#/simple-pki/ca/signing-ca' \
+ '#ETCDIR#/simple-pki/ca/signing-ca.old'
+ install -d -m0755 '#ETCDIR#/simple-pki/ca/signing-ca/db'
+ install -d -m0700 '#ETCDIR#/simple-pki/ca/signing-ca/private'
+ touch \
+ '#ETCDIR#/simple-pki/ca/signing-ca/db/signing-ca.db' \
+ '#ETCDIR#/simple-pki/ca/signing-ca/db/signing-ca.db.attr'
+ echo '01' \
+ |tee '#ETCDIR#/simple-pki/ca/signing-ca/db/signing-ca.crt.srl' \
+ >'#ETCDIR#/simple-pki/ca/signing-ca/db/signing-ca.crl.srl'
fi
CA=root-ca openssl req -new \