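#! /bin/sh
##
## Archive the current CA (if any) and build a fresh CA key and
## self-signed certificate in its place.  Must run as root: the CA
## directories are chown'd to root:ca.  The subject name comes from
## etc/issuer and the request settings from openssl.conf.

set -e
## Resolve the CA root relative to this script.  Quote $0 in case the
## path contains whitespace, and chain with && so a failed cd is not
## masked by pwd reporting the caller's directory instead.
certroot=$(cd "${0%/*}/.." && pwd)
cd "$certroot"
umask 022

## Archive any existing CA.  Archives are numbered sequentially by the
## counter in archive/state/serial.  Every path in the mv list must
## exist, otherwise mv fails and set -e aborts the script.
if [ -f ca.cert ]; then
  mkdir -p archive
  if [ -f archive/state/serial ]; then
    next=$(cat archive/state/serial)
  else
    mkdir -p archive/state
    next=1
  fi
  mkdir archive/"$next"
  mv ca.cert certs crls index private state archive/"$next"/
  ## Write-then-rename so the counter is never left half-written.
  echo $((next + 1)) >archive/state/serial.new
  mv archive/state/serial.new archive/state/serial
fi

## Clear out the old CA completely.  crls is removed here too: the
## archive step moves it, and a leftover crls directory would otherwise
## make the mkdir below fail.
rm -rf certs crls index private tmp state
rm -f ca.cert distorted.crl

## Build a new one.  private/ is closed to others (0750); the remaining
## directories are group-writable for the ca group.
mkdir -m750 private
mkdir -m775 certs crls index index/byhash index/byserial state tmp
chown root:ca certs crls index index/byhash index/byserial private state tmp
touch state/db
echo 01 >state/serial
echo 01 >state/crlnumber

## Set the CA subject name.  It won't fit on one line, and there's no
## good way of continuing it.  Have fun parsing the sed: it prefixes
## every line of etc/issuer with '/' and joins them into one string.
subject=$(sed -n 's:^:/:;1h;2,$H;${x;s/\n//g;p;}' <etc/issuer)

## Build the new CA key and certificate.  Tighten the umask first so the
## private key is never created world-readable; the certificate itself
## is made public afterwards.
umask 027
openssl req -new -config openssl.conf -x509 -days 3650 \
  -out ca.cert -keyout private/ca.key \
  -subj "$subject"
chown root:ca private/ca.key
chmod 644 ca.cert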