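## Locate the CA root: the parent of the directory that holds this script.
## When $0 contains no slash (for example "sh setup" run from inside that
## directory), ${0%/*} would leave the script's own name, so use "."
## instead.
case $0 in
  */*) here=${0%/*} ;;
  *) here=. ;;
esac

## Use && rather than ; so that a failed cd produces an error instead of
## pwd silently reporting the caller's working directory.  CDPATH is
## emptied for the cd so that it neither searches other directories nor
## prints the one it picked into the captured output.
certroot=$(CDPATH= cd -- "$here/.." && pwd) || exit 1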
## Archive any existing CA.
##
## NOTE(review): this listing omits some lines of the original script, so
## the "fi" that closes each test below, and whatever sets "next" when no
## serial file exists yet, are not shown here.
if [ -f ca.cert ]; then
  if [ -f archive/state/serial ]; then
    ## The serial file names the archive slot to use; it is read here and
    ## incremented once the old CA has been moved away.
    next=$(cat archive/state/serial)
## Move the old CA's files into archive/$next/.  This includes the old
## "private" directory, so the archive needs the same protection as the
## live tree.
## NOTE(review): the creation of archive/$next itself is not visible in
## this listing; mv with several sources needs that directory to exist.
mkdir -p archive/state
mv ca.cert certs crls index private state archive/"$next"/

## Advance the serial: write the new value beside the old file and then
## rename it into place, so the serial file is never left half-written.
expr "$next" + 1 >archive/state/serial.new
mv archive/state/serial.new archive/state/serial
## Clear out the old CA completely.
##
## NOTE(review): every path here is relative, so these commands rely on
## the working directory being the CA root.  The cd that arranges this is
## not visible in the listing; confirm that it exists and that its failure
## aborts the script before this point.  "crls" is not in the list, yet
## the script later creates it with a plain mkdir (no -p).
rm -rf certs index private tmp state
rm -f ca.cert distorted.crl
## Recreate the working tree with mode 775 and hand it to root:ca.
##
## NOTE(review): "private" is chowned here but is not among the
## directories this mkdir creates; where it is created, and with which
## mode, is not visible in the listing.  Check that it does not end up
## group-writable or accessible to others.
mkdir -m 775 certs crls index index/byhash index/byserial state tmp
chown root:ca certs crls index index/byhash index/byserial private state tmp

## Seed state/crlnumber with 01.
printf '01\n' >state/crlnumber
## Set the CA subject name.  It won't fit on one line, and there's no
## good way of continuing it.  Have fun parsing the sed.
##
## What the sed does: "s:^:/:" puts a "/" in front of every line; "1h"
## and "2,$H" collect the lines in the hold space; on the last line
## "${x;s/\n//g;p;}" swaps the collection back in, deletes the newlines
## and prints it.  The result is one "/KEY=value/KEY=value..." string.
##
## NOTE(review): only part of the here-document appears in this listing.
## Some of its lines ahead of "OU=", and the closing "EOF" and ")", are
## not shown.
subject=$(sed -n 's:^:/:;1h;2,$H;${x;s/\n//g;p;}' <<EOF
OU=Certificate Authority
CN=distorted.org.uk top-level CA
emailAddress=ca@distorted.org.uk
## Build the new CA key and certificate: a self-signed (-x509)
## certificate valid for 3650 days, written to ca.cert, with its key
## written to private/ca.key.
##
## NOTE(review): the command's final continuation line is missing from
## this listing, so its remaining arguments are not shown.  From what is
## visible one cannot tell whether the key is written encrypted (that
## depends on openssl.conf and on the arguments not shown) or with which
## file mode it is created; both are worth checking for a CA key.
openssl req -new -config openssl.conf -x509 -days 3650 \
  -out ca.cert -keyout private/ca.key \
## Hand the key file to root:ca.
## NOTE(review): no chmod is visible in this listing, so what group "ca"
## can do with the key depends on the mode it was created with.  Confirm
## that the key ends up readable only by those meant to sign with it.
chown root:ca private/ca.key