825f11571707d35555a0d2a8f5634ff4e8ccced4
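#! /bin/sh
##
## make-cert TAG PROFILE FILE
##
## Sign the certificate request in FILE with the CA rooted at the parent of
## this script's directory, using the `PROFILE-extensions' section of
## openssl.conf, archive request and certificate as certs/TAG.req and
## certs/TAG.cert, and write the certificate to stdout.

set -e

## Locate the CA root.  Use `&&' rather than `;' so that a failed `cd'
## cannot leave `certroot' pointing at the caller's working directory, from
## which lib/func.sh would then be sourced.
certroot=$(cd "${0%/*}/.." && pwd)
. "$certroot"/lib/func.sh

## NOTE(review): runas_ca, linkserial and linkhash are not defined in this
## file; presumably they come from lib/func.sh.  runas_ca looks like it
## re-runs the script under the CA's account -- confirm.  If so, everything
## in "$@" crosses a privilege boundary and must be treated as untrusted.
runas_ca "$@"

## Parse the command line.
case "$#" in
  3) ;;
  *) echo >&2 "Usage: $0 TAG PROFILE FILE"; exit 1 ;;
esac
tag=$1 profile=$2 file=$3

## The tag is spliced into paths under tmp/ and certs/.  Refuse anything
## that could name a file outside those directories.
case "$tag" in
  "" | */*)
    echo >&2 "$0: invalid tag \`$tag'"
    exit 1
    ;;
esac

## Make sure we're not overwriting anything.  Put sequence numbers
## into labels to prevent bad things from happening.
## NOTE(review): this is check-then-use; the later `mv' would still replace
## a certificate created between this test and the install step.
if [ -f "$certroot"/certs/"$tag".cert ]; then
  echo >&2 "$0: certificate $tag already exists"
  exit 1
fi

## Make a temporary copy of the request.  This prevents a race, and
## more importantly lets us change directory.  `--' keeps a FILE beginning
## with `-' from being read as a `cp' option.
cp -- "$file" "$certroot"/tmp/"$tag".req
cd "$certroot"

## Make the certificate.  The profile is quoted so that it reaches
## `openssl ca' as a single section name and cannot be split into extra
## command-line arguments.
openssl ca -config openssl.conf -extensions "$profile"-extensions \
  -in tmp/"$tag".req -out tmp/"$tag".cert

## Install a hash link for the benefit of OpenSSL's `verify' command and
## similar, and install the completed request and certificate in the
## archive.
mv tmp/"$tag".req tmp/"$tag".cert certs/
linkserial certs/"$tag".cert
linkhash certs/"$tag".cert

## Clear leftover PEM files from tmp/.  `-f' so that an unmatched glob does
## not abort the script (under `set -e') after the certificate has already
## been installed but before it has been printed.
rm -f tmp/*.pem

## Output the certificate.
openssl x509 -in certs/"$tag".cert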