From 70171c27198eaafbc16ec7c65706eab7485916f4 Mon Sep 17 00:00:00 2001
From: Erich Eckner <git@eckner.net>
Date: Mon, 2 Sep 2019 10:45:14 +0200
Subject: merge ca configs

---
 website-run-through | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

(limited to 'website-run-through')

diff --git a/website-run-through b/website-run-through
index 0432ba1..9903bd6 100755
--- a/website-run-through
+++ b/website-run-through
@@ -1,5 +1,7 @@
 #!/bin/bash
 
+set -e
+
 rm -rf --one-file-system ca certs
 
 mkdir -p ca/root-ca/private ca/root-ca/db crl certs
@@ -10,13 +12,13 @@ cp /dev/null ca/root-ca/db/root-ca.db.attr
 echo 01 > ca/root-ca/db/root-ca.crt.srl
 echo 01 > ca/root-ca/db/root-ca.crl.srl
 
-openssl req -new \
-    -config etc/root-ca.conf \
+CA=root-ca openssl req -new \
+    -config etc/ca.conf \
     -out ca/root-ca.csr \
     -keyout ca/root-ca/private/root-ca.key
 
-openssl ca -batch -selfsign \
-    -config etc/root-ca.conf \
+CA=root-ca openssl ca -batch -name root_ca -selfsign \
+    -config etc/ca.conf \
     -in ca/root-ca.csr \
     -out ca/root-ca.crt \
     -extensions root_ca_ext
@@ -29,13 +31,13 @@ cp /dev/null ca/signing-ca/db/signing-ca.db.attr
 echo 01 > ca/signing-ca/db/signing-ca.crt.srl
 echo 01 > ca/signing-ca/db/signing-ca.crl.srl
 
-openssl req -new \
-    -config etc/signing-ca.conf \
+CA=signing-ca openssl req -new \
+    -config etc/ca.conf \
     -out ca/signing-ca.csr \
     -keyout ca/signing-ca/private/signing-ca.key
 
-openssl ca -batch \
-    -config etc/root-ca.conf \
+CA=root-ca openssl ca -batch -name root_ca \
+    -config etc/ca.conf \
     -in ca/signing-ca.csr \
     -out ca/signing-ca.crt \
     -extensions signing_ca_ext
@@ -47,8 +49,8 @@ openssl req -new \
     -out /tmp/nginx.csr \
     -keyout /tmp/nginx.key
 
-openssl ca -batch \
-    -config etc/signing-ca.conf \
+CA=signing-ca openssl ca -batch -name signing_ca \
+    -config etc/ca.conf \
     -in /tmp/nginx.csr \
     -out /tmp/nginx.crt \
     -extensions server_ext
@@ -62,6 +64,6 @@ curl -Ss https://test.local --cacert ca/root-ca.crt
 exit 0
 
 openssl ca \
-    -config etc/signing-ca.conf \
+    -config etc/ca.conf \
     -revoke ca/signing-ca/01.pem \
     -crl_reason superseded
-- 
cgit v1.2.3-54-g00ecf