authorRichard Levitte <levitte@openssl.org>2003-04-03 22:33:59 +0000
committerRichard Levitte <levitte@openssl.org>2003-04-03 22:33:59 +0000
commit16b1b03543fc6362f9e48f1bd9d4b153ea58c553 (patch)
treea7d45496f96476ba095e385f7a3502dde1f9b6b7 /apps/CA.sh
parente6526fbf4dc894d71ae3517a1ba484475b79b402 (diff)
Implement self-signing in 'openssl ca'. This makes it easier to have
the CA certificate part of the CA database, and combined with 'unique_subject=no', it should make operations like CA certificate roll-over easier.
Diffstat (limited to 'apps/CA.sh')
-rw-r--r--apps/CA.sh13
1 files changed, 9 insertions, 4 deletions
diff --git a/apps/CA.sh b/apps/CA.sh
index d9f3069fb2..e63a2267ee 100644
--- a/apps/CA.sh
+++ b/apps/CA.sh
@@ -30,7 +30,8 @@
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
-DAYS="-days 365"
+DAYS="-days 365" # 1 year
+CADAYS="-days 1095" # 3 years
REQ="openssl req $SSLEAY_CONFIG"
CA="openssl ca $SSLEAY_CONFIG"
VERIFY="openssl verify"
@@ -38,6 +39,7 @@ X509="openssl x509"
CATOP=./demoCA
CAKEY=./cakey.pem
+CAREQ=./careq.pem
CACERT=./cacert.pem
for i
@@ -70,7 +72,7 @@ case $i in
mkdir ${CATOP}/crl
mkdir ${CATOP}/newcerts
mkdir ${CATOP}/private
- echo "01" > ${CATOP}/serial
+ echo "00" > ${CATOP}/serial
touch ${CATOP}/index.txt
fi
if [ ! -f ${CATOP}/private/$CAKEY ]; then
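Review bot: Starting the serial file at `00` means the first certificate issued from this database carries serial number zero, and with the `-selfsign` step added later in this commit that first certificate appears to be the CA certificate itself. RFC 3280 section 4.1.2.2 requires serial numbers to be positive integers, and some validators reject a zero serial. Consider keeping `echo "01" > ${CATOP}/serial`, or, if `00` is intended, add a comment such as `# serial 00 is consumed by the self-signed CA certificate; issued certificates start at 01`. The enclosing `if` starts above this hunk.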
@@ -83,8 +85,11 @@ case $i in
RET=$?
else
echo "Making CA certificate ..."
- $REQ -new -x509 -keyout ${CATOP}/private/$CAKEY \
- -out ${CATOP}/$CACERT $DAYS
+ $REQ -new -keyout ${CATOP}/private/$CAKEY \
+ -out ${CATOP}/$CAREQ
+ $CA -out ${CATOP}/$CACERT $CADAYS -batch \
+ -keyfile ${CATOP}/private/$CAKEY -selfsign \
+ -infiles ${CATOP}/$CAREQ
RET=$?
fi
fi
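Review bot: The exit status of the new `$REQ -new -keyout ...` call is discarded, so `$CA ... -selfsign` still runs when key or request generation failed, and `RET=$?` reports only the `$CA` result. Chain the two commands, e.g. end the request line with `-out ${CATOP}/$CAREQ && \`, so that a failed first step is what `RET` reflects. Separately, the extensions of the self-signed certificate now come from whatever the `ca` section of the config selects rather than from `req -x509`; openssl.cnf is not visible here, so confirm the result still carries `basicConstraints CA:TRUE`, or pass `-extensions` with the CA extension section explicitly. The `case` arm and the surrounding `if` blocks begin outside this hunk.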