From 923ed7ef117f921d7827821962ef597b366e2eef Mon Sep 17 00:00:00 2001
From: Erich Eckner <git@eckner.net>
Date: Tue, 14 Jan 2020 09:21:07 +0100
Subject: set proper name for cas

---
 etc/ca-ssl.conf.in | 2 +-
 sign-ca.in         | 8 ++++----
 sign-request.in    | 2 ++
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/etc/ca-ssl.conf.in b/etc/ca-ssl.conf.in
index d0a66a3..ad92ff5 100644
--- a/etc/ca-ssl.conf.in
+++ b/etc/ca-ssl.conf.in
@@ -27,7 +27,7 @@ req_extensions          = ca_reqext             # Desired extensions
 1.domainComponent       = "eckner"
 organizationName        = "Eckner Net"
 organizationalUnitName  = "Eckner Net CA"
-commonName              = Eckner Net ${ENV::CA} CA
+commonName              = Eckner Net ${ENV::CA_TYPE} CA
 
 [ ca_reqext ]
 keyUsage                = critical,keyCertSign,cRLSign
diff --git a/sign-ca.in b/sign-ca.in
index 4448be4..7a66437 100755
--- a/sign-ca.in
+++ b/sign-ca.in
@@ -68,23 +68,23 @@ fi
 
 level_ground_for_new_ca 'signing-ca'
 
-CA=root-ca openssl req -new \
+CA=root-ca CA_TYPE='Root' openssl req -new \
   -config '#ETCDIR#/simple-pki/ca-ssl.conf' \
   -out '#ETCDIR#/simple-pki/ca/root-ca.csr' \
   -keyout '#ETCDIR#/simple-pki/ca/root-ca/private/root-ca.key'
 
-CA=root-ca openssl ca -batch -name root_ca -selfsign \
+CA=root-ca CA_TYPE='Root' openssl ca -batch -name root_ca -selfsign \
   -config '#ETCDIR#/simple-pki/ca-ssl.conf' \
   -in '#ETCDIR#/simple-pki/ca/root-ca.csr' \
   -out '#ETCDIR#/simple-pki/ca/root-ca.crt' \
   -extensions root_ca_ext
 
-CA=signing-ca openssl req -new \
+CA=signing-ca CA_TYPE='Intermediate' openssl req -new \
   -config '#ETCDIR#/simple-pki/ca-ssl.conf' \
   -out '#ETCDIR#/simple-pki/ca/signing-ca.csr' \
   -keyout '#ETCDIR#/simple-pki/ca/signing-ca/private/signing-ca.key'
 
-CA=root-ca openssl ca -batch -name root_ca \
+CA=root-ca CA_TYPE='Root' openssl ca -batch -name root_ca \
   -config '#ETCDIR#/simple-pki/ca-ssl.conf' \
   -in '#ETCDIR#/simple-pki/ca/signing-ca.csr' \
   -out '#ETCDIR#/simple-pki/ca/signing-ca.crt' \
diff --git a/sign-request.in b/sign-request.in
index 0185cf4..331815f 100755
--- a/sign-request.in
+++ b/sign-request.in
@@ -14,6 +14,8 @@ remove_leading_spaces() {
   '
 }
 
+export CA_TYPE='Intermediate'
+
 if [ -f '#ETCDIR#/simple-pki/ca/root-ca.old.crt' ] \
 && [ "$(stat -c%Y '#ETCDIR#/simple-pki/ca/root-ca.old.crt')" -ge "$(($(date +%s)-60*60*24*ca_min_duration))" ]; then
   export CA=signing-ca.old
-- 
cgit v1.2.3-54-g00ecf