diff options
Diffstat (limited to 'gensignedcert.sh')
| -rwxr-xr-x | gensignedcert.sh | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/gensignedcert.sh b/gensignedcert.sh index 10c909c..b51f69b 100755 --- a/gensignedcert.sh +++ b/gensignedcert.sh @@ -1,6 +1,7 @@ -#!/bin/sh -# ./keygen [name] (configfile) +#!/bin/bash +# ./gensignedcert.sh [name] (configfile) # This is only suggested if you have a secured path to deliver this new key through. +# requires bash 3.0 regexes set -e @@ -24,7 +25,7 @@ mkdir -pv "$CA"/signed "$CA"/temp "$CA"/certs openssl req -config "$OPENSSL_CONFIG" -new -nodes -out "$CA"/temp/"$1".csr -keyout "$CA"/temp/"$1".key chmod 600 "$CA"/temp/"$1".key SERIAL=$(cat "$CA"/ca/"$CA".serial) -openssl ca -config "$OPENSSL_CONFIG" -in "$CA"/temp/"$1".csr +openssl ca -config <( ./ekusub.sh "serverAuth" < "$OPENSSL_CONFIG" ) -in "$CA"/temp/"$1".csr if [ -e "$CA"/certs/"$SERIAL".pem ]; then # openssl lacks useful exit status codes, so we check to see if it actually did anything instead. mv -i "$CA"/temp/"$1".csr "$CA"/temp/"$1".key "$CA"/signed/ ln "$CA"/certs/"$SERIAL".pem "$CA"/signed/"$1".crt # so we can find the certificate by name as well as by serial |