X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=apps%2FCA.sh;h=a0b20d85a97546a67bebbccdce40b3947c7e00fa;hb=036bbcc53ff0b7f0dd442bfea9451cbab4ef930d;hp=d9f3069fb2a61888bc46d4ac5fe7f47869f8f715;hpb=657e60fa00ddde3618600d6306be913214d30457;p=oweals%2Fopenssl.git

diff --git a/apps/CA.sh b/apps/CA.sh
index d9f3069fb2..a0b20d85a9 100644
--- a/apps/CA.sh
+++ b/apps/CA.sh
@@ -30,14 +30,18 @@
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 
-DAYS="-days 365"
-REQ="openssl req $SSLEAY_CONFIG"
-CA="openssl ca $SSLEAY_CONFIG"
-VERIFY="openssl verify"
-X509="openssl x509"
+if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi
+
+DAYS="-days 365"	# 1 year
+CADAYS="-days 1095"	# 3 years
+REQ="$OPENSSL req $SSLEAY_CONFIG"
+CA="$OPENSSL ca $SSLEAY_CONFIG"
+VERIFY="$OPENSSL verify"
+X509="$OPENSSL x509"
 
 CATOP=./demoCA
 CAKEY=./cakey.pem
+CAREQ=./careq.pem
 CACERT=./cacert.pem
 
 for i
@@ -49,15 +53,15 @@ case $i in
     ;;
 -newcert) 
     # create a certificate
-    $REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS
+    $REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS
     RET=$?
-    echo "Certificate (and private key) is in newreq.pem"
+    echo "Certificate is in newcert.pem, private key is in newkey.pem"
     ;;
 -newreq) 
     # create a certificate request
-    $REQ -new -keyout newreq.pem -out newreq.pem $DAYS
+    $REQ -new -keyout newkey.pem -out newreq.pem $DAYS
     RET=$?
-    echo "Request (and private key) is in newreq.pem"
+    echo "Request is in newreq.pem, private key is in newkey.pem"
     ;;
 -newca)     
     # if explicitly asked for or it doesn't exist then setup the directory
@@ -70,7 +74,7 @@ case $i in
 	mkdir ${CATOP}/crl 
 	mkdir ${CATOP}/newcerts
 	mkdir ${CATOP}/private
-	echo "01" > ${CATOP}/serial
+	echo "00" > ${CATOP}/serial
 	touch ${CATOP}/index.txt
     fi
     if [ ! -f ${CATOP}/private/$CAKEY ]; then
@@ -83,8 +87,11 @@ case $i in
 	    RET=$?
 	else
 	    echo "Making CA certificate ..."
-	    $REQ -new -x509 -keyout ${CATOP}/private/$CAKEY \
-			   -out ${CATOP}/$CACERT $DAYS
+	    $REQ -new -keyout ${CATOP}/private/$CAKEY \
+			   -out ${CATOP}/$CAREQ
+	    $CA -out ${CATOP}/$CACERT $CADAYS -batch \
+			   -keyfile ${CATOP}/private/$CAKEY -selfsign \
+			   -infiles ${CATOP}/$CAREQ 
 	    RET=$?
 	fi
     fi