diff options
Diffstat (limited to 'sign-request.in')
-rwxr-xr-x | sign-request.in | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/sign-request.in b/sign-request.in index e64ed93..6266e45 100755 --- a/sign-request.in +++ b/sign-request.in @@ -98,10 +98,18 @@ while read -r csr; do if [ ! -f "${key_dir}/${ca_name}.key" ] \ || [ $((2*$(date +%s) + $(stat -c%Y "${key_dir}/${ca_name}.key"))) -gt 3*$(stat -c%Y "${key_dir}/${ca_name}.key.new"))) ]; then key_to_use="${key_dir}/${ca_name}.key.new" + crt_to_use="${key_dir}/${ca_name}.crt.new" else key_to_use="${key_dir}/${ca_name}.key" + crt_to_use="${key_dir}/${ca_name}.crt" fi - openssl req -x509 -key "${key_to_use}" -in "${csr_local}" -out "${csr_local%.csr}.crt" -addext 'basicConstraints = critical, CA:false' + openssl x509 -req \ + -CAkey "${key_to_use}" \ + -CA "${crt_to_use}" \ + -CAserial "${key_dir}/${ca_name}.srl" \ + -CAcreateserial \ + -in "${csr_local}" \ + -out "${csr_local%.csr}.crt" rm "${csr_local}" done |