From 923ed7ef117f921d7827821962ef597b366e2eef Mon Sep 17 00:00:00 2001 From: Erich Eckner Date: Tue, 14 Jan 2020 09:21:07 +0100 Subject: set proper name for cas --- etc/ca-ssl.conf.in | 2 +- sign-ca.in | 8 ++++---- sign-request.in | 2 ++ 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/etc/ca-ssl.conf.in b/etc/ca-ssl.conf.in index d0a66a3..ad92ff5 100644 --- a/etc/ca-ssl.conf.in +++ b/etc/ca-ssl.conf.in @@ -27,7 +27,7 @@ req_extensions = ca_reqext # Desired extensions 1.domainComponent = "eckner" organizationName = "Eckner Net" organizationalUnitName = "Eckner Net CA" -commonName = Eckner Net ${ENV::CA} CA +commonName = Eckner Net ${ENV::CA_TYPE} CA [ ca_reqext ] keyUsage = critical,keyCertSign,cRLSign diff --git a/sign-ca.in b/sign-ca.in index 4448be4..7a66437 100755 --- a/sign-ca.in +++ b/sign-ca.in @@ -68,23 +68,23 @@ fi level_ground_for_new_ca 'signing-ca' -CA=root-ca openssl req -new \ +CA=root-ca CA_TYPE='Root' openssl req -new \ -config '#ETCDIR#/simple-pki/ca-ssl.conf' \ -out '#ETCDIR#/simple-pki/ca/root-ca.csr' \ -keyout '#ETCDIR#/simple-pki/ca/root-ca/private/root-ca.key' -CA=root-ca openssl ca -batch -name root_ca -selfsign \ +CA=root-ca CA_TYPE='Root' openssl ca -batch -name root_ca -selfsign \ -config '#ETCDIR#/simple-pki/ca-ssl.conf' \ -in '#ETCDIR#/simple-pki/ca/root-ca.csr' \ -out '#ETCDIR#/simple-pki/ca/root-ca.crt' \ -extensions root_ca_ext -CA=signing-ca openssl req -new \ +CA=signing-ca CA_TYPE='Intermediate' openssl req -new \ -config '#ETCDIR#/simple-pki/ca-ssl.conf' \ -out '#ETCDIR#/simple-pki/ca/signing-ca.csr' \ -keyout '#ETCDIR#/simple-pki/ca/signing-ca/private/signing-ca.key' -CA=root-ca openssl ca -batch -name root_ca \ +CA=root-ca CA_TYPE='Root' openssl ca -batch -name root_ca \ -config '#ETCDIR#/simple-pki/ca-ssl.conf' \ -in '#ETCDIR#/simple-pki/ca/signing-ca.csr' \ -out '#ETCDIR#/simple-pki/ca/signing-ca.crt' \ diff --git a/sign-request.in b/sign-request.in index 0185cf4..331815f 100755 --- a/sign-request.in +++ b/sign-request.in @@ -14,6 +14,8 @@ remove_leading_spaces() { ' } +export CA_TYPE='Intermediate' + if [ -f '#ETCDIR#/simple-pki/ca/root-ca.old.crt' ] \ && [ "$(stat -c%Y '#ETCDIR#/simple-pki/ca/root-ca.old.crt')" -ge "$(($(date +%s)-60*60*24*ca_min_duration))" ]; then export CA=signing-ca.old -- cgit v1.2.3-70-g09d2