From f46afcd7a0cd2f38a99b24257fcfb218f6bfa1fe Mon Sep 17 00:00:00 2001
From: Erich Eckner <git@eckner.net>
Date: Sun, 1 Sep 2019 23:15:54 +0200
Subject: sign-request.in: set correct issuer

---
 sign-request.in | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'sign-request.in')

diff --git a/sign-request.in b/sign-request.in
index e64ed93..6266e45 100755
--- a/sign-request.in
+++ b/sign-request.in
@@ -98,10 +98,18 @@ while read -r csr; do
   if [ ! -f "${key_dir}/${ca_name}.key" ] \
   || [ $((2*$(date +%s) + $(stat -c%Y "${key_dir}/${ca_name}.key"))) -gt 3*$(stat -c%Y "${key_dir}/${ca_name}.key.new"))) ]; then
     key_to_use="${key_dir}/${ca_name}.key.new"
+    crt_to_use="${key_dir}/${ca_name}.crt.new"
   else
     key_to_use="${key_dir}/${ca_name}.key"
+    crt_to_use="${key_dir}/${ca_name}.crt"
   fi
-  openssl req -x509 -key "${key_to_use}" -in "${csr_local}" -out "${csr_local%.csr}.crt" -addext 'basicConstraints       = critical, CA:false'
+  openssl x509 -req \
+    -CAkey "${key_to_use}" \
+    -CA "${crt_to_use}" \
+    -CAserial "${key_dir}/${ca_name}.srl" \
+    -CAcreateserial \
+    -in "${csr_local}" \
+    -out "${csr_local%.csr}.crt"
   rm "${csr_local}"
 done
 
-- 
cgit v1.2.3-70-g09d2