The private key should never have ended up in newreq.pem.

Now, it ends up in newkey.pem instead.

diff --git a/apps/CA.pl.in b/apps/CA.pl.in
index 39f267d313ad55d8cab750e6b6dc29bc5ce1f07c..9c9973909250a171151c4b560cb627195c5c496b 100644 (file)
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -66,19 +66,19 @@ foreach (@ARGV) {
            exit 0;
        } elsif (/^-newcert$/) {
            # create a certificate
-           system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
+           system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
            $RET=$?;
-           print "Certificate (and private key) is in newreq.pem\n"
+           print "Certificate is in newcert.pem, private key is in newkey.pem\n"
        } elsif (/^-newreq$/) {
            # create a certificate request
-           system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
+           system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
            $RET=$?;
-           print "Request (and private key) is in newreq.pem\n";
+           print "Request is in newreq.pem, private key is in newkey.pem\n";
        } elsif (/^-newreq-nodes$/) {
            # create a certificate request
-           system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
+           system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
            $RET=$?;
-           print "Request (and private key) is in newreq.pem\n";
+           print "Request is in newreq.pem, private key is in newkey.pem\n";
        } elsif (/^-newca$/) {
                # if explicitly asked for or it doesn't exist then setup the
                # directory structure that Eric likes to manage things 
@@ -118,10 +118,11 @@ foreach (@ARGV) {
        } elsif (/^-pkcs12$/) {
            my $cname = $ARGV[1];
            $cname = "My Certificate" unless defined $cname;
-           system ("$PKCS12 -in newcert.pem -inkey newreq.pem " .
+           system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
                        "-certfile ${CATOP}/$CACERT -out newcert.p12 " .
                        "-export -name \"$cname\"");
            $RET=$?;
+           print "PKCS #12 file is in newcert.p12\n";
            exit $RET;
        } elsif (/^-xsign$/) {
            system ("$CA -policy policy_anything -infiles newreq.pem");

diff --git a/apps/CA.sh b/apps/CA.sh
index 030a11fc25bb2a4eabc6137a5c5f2f7068873611..84d7ec0b3330bac19368b3c880cfcdd8422976bb 100644 (file)
--- a/apps/CA.sh
+++ b/apps/CA.sh
@@ -51,15 +51,15 @@ case $i in
     ;;
 -newcert) 
     # create a certificate
-    $REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS
+    $REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS
     RET=$?
-    echo "Certificate (and private key) is in newreq.pem"
+    echo "Certificate is in newcert.pem, private key is in newkey.pem"
     ;;
 -newreq) 
     # create a certificate request
-    $REQ -new -keyout newreq.pem -out newreq.pem $DAYS
+    $REQ -new -keyout newkey.pem -out newreq.pem $DAYS
     RET=$?
-    echo "Request (and private key) is in newreq.pem"
+    echo "Request is in newreq.pem, private key is in newkey.pem"
     ;;
 -newca)     
     # if explicitly asked for or it doesn't exist then setup the directory