summaryrefslogtreecommitdiff
path: root/sign-request.in
diff options
context:
space:
mode:
Diffstat (limited to 'sign-request.in')
-rwxr-xr-xsign-request.in10
1 files changed, 9 insertions, 1 deletions
diff --git a/sign-request.in b/sign-request.in
index e64ed93..6266e45 100755
--- a/sign-request.in
+++ b/sign-request.in
@@ -98,10 +98,18 @@ while read -r csr; do
if [ ! -f "${key_dir}/${ca_name}.key" ] \
|| [ $((2*$(date +%s) + $(stat -c%Y "${key_dir}/${ca_name}.key"))) -gt 3*$(stat -c%Y "${key_dir}/${ca_name}.key.new"))) ]; then
key_to_use="${key_dir}/${ca_name}.key.new"
+ crt_to_use="${key_dir}/${ca_name}.crt.new"
else
key_to_use="${key_dir}/${ca_name}.key"
+ crt_to_use="${key_dir}/${ca_name}.crt"
fi
- openssl req -x509 -key "${key_to_use}" -in "${csr_local}" -out "${csr_local%.csr}.crt" -addext 'basicConstraints = critical, CA:false'
+ openssl x509 -req \
+ -CAkey "${key_to_use}" \
+ -CA "${crt_to_use}" \
+ -CAserial "${key_dir}/${ca_name}.srl" \
+ -CAcreateserial \
+ -in "${csr_local}" \
+ -out "${csr_local%.csr}.crt"
rm "${csr_local}"
done