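## Work out the CA root directory: the parent of the directory that holds
## this script, as an absolute path.
##
## The directory is taken from $0, so it is quoted, and a $0 with no slash
## in it (the script started by bare name from its own directory) is read
## as `.`.  CDPATH is cleared so that `cd` cannot print anything into the
## captured output.  If `cd` fails the script stops here; it does not let
## `pwd` report whatever directory the caller happened to be in.  The steps
## further down use relative paths and `rm -rf`, so a wrong root must never
## be accepted.  (The listing does not show where the script changes into
## this directory.)
case $0 in
  */*) script_dir=${0%/*} ;;
  *) script_dir=. ;;
esac
certroot=$(CDPATH= cd -- "$script_dir/.." && pwd) || {
  echo >&2 "$0: cannot find the CA root directory"
  exit 1
}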
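## Archive any existing CA.
##
## NOTE(review): the numbered listing this was taken from skips lines 11,
## 14, 16-18 and 22-23 of this section, so part of the logic is missing.
## The `else` and the two `fi` keywords below are inferred from the
## statements that are visible; check them against the complete script.
if [ -f ca.cert ]; then

  ## Pick the number for this archive.
  if [ -f archive/state/serial ]; then
    next=$(cat archive/state/serial)
  else
    mkdir -p archive/state
    ## (Not shown in the listing: presumably the first archive number is
    ## assigned to `next` here.)
  fi

  ## `next` is about to be used as a directory name, so accept only a
  ## plain decimal number.  This also stops the run if the serial file is
  ## empty or damaged, before anything has been moved.
  case $next in
    '' | *[!0-9]*)
      echo >&2 "$0: archive serial is missing or not a number; nothing archived"
      exit 1
      ;;
  esac

  ## (Not shown in the listing: presumably archive/"$next" is created.)
  ## Move the whole CA into its numbered slot.  That includes `private`,
  ## the directory the CA key is written to, so the old key stays on disk
  ## under archive/ and that tree needs the same protection as `private`.
  mv ca.cert certs crls index private state archive/"$next"/

  ## Bump the serial by writing a new file and renaming it over the old
  ## one, so a partly written serial file is never left in place.
  expr "$next" + 1 >archive/state/serial.new
  mv archive/state/serial.new archive/state/serial
fi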
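## Clear out the old CA completely.
##
## Every name here is relative, so what gets deleted depends on the
## current directory at this point.
## NOTE(review): `crls` is in neither list although the script creates it
## again further down with a plain `mkdir`; confirm that is intended.
rm -rf certs index private tmp state
rm -f ca.cert distorted.crl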
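## Create the empty directory tree for the new CA and hand it to the CA
## account.
##
## Mode 0775 leaves every directory listed here writable by the CA group
## and readable by everyone.
## NOTE(review): `private` is chowned below but is not created by any line
## visible in this listing; confirm that it is created elsewhere, with a
## tighter mode than 0775.
mkdir -m775 certs crls index index/byhash index/byserial state tmp

## `ca_owner` and `ca_group` are set outside the visible listing.
## ${var:?} stops the script if either is unset or empty, so chown never
## runs with a half-empty owner specification.
chown "${ca_owner:?not set}:${ca_group:?not set}" \
  certs crls index index/byhash index/byserial private state tmp

## Seed state/crlnumber with 01.
echo 01 >state/crlnumber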
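## Set the CA subject name.  It won't fit on one line, and there's no
## good way of continuing it.  Have fun parsing the sed.
##
## What the sed does, step by step:
##   s:^:/:            put a `/` in front of every line of etc/issuer
##   1h                start the hold space with the first line
##   2,$H              append each later line to the hold space
##   ${x;s/\n//g;p;}   on the last line, fetch the hold space, delete the
##                     newlines between the lines, and print the result
## So a two-line file holding `C=XX` and `O=Example` (made-up values)
## gives `/C=XX/O=Example`.
subject=$(sed -n 's:^:/:;1h;2,$H;${x;s/\n//g;p;}' <etc/issuer)

## An unreadable or empty etc/issuer would otherwise carry on with an
## empty subject name.
if [ -z "$subject" ]; then
  echo >&2 "$0: no subject name found in etc/issuer"
  exit 1
fi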
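## Build the new CA key and certificate.
##
## This makes a self-signed (-x509) certificate valid for 3650 days and
## writes the new private key to private/ca.key.
##
## NOTE(review): the numbered listing skips line 44, which this command
## continues onto, so the arguments given there are missing below.
## `subject` is not used on any visible line and is presumably passed on
## that line; restore it from the complete script before running this.
## No visible line sets the key type, size or digest, the mode of
## private/ca.key, or whether the key is encrypted.  Confirm all of these
## against openssl.conf and the missing line: this key signs everything
## the CA issues.
openssl req -new -config openssl.conf -x509 -days 3650 \
  -out ca.cert -keyout private/ca.key

## Hand the key to the CA account.  `ca_owner` and `ca_group` are set
## outside the visible listing; ${var:?} stops the script if either is
## unset or empty.
chown "${ca_owner:?not set}:${ca_group:?not set}" private/ca.key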