set -e
certroot=$(cd ${0%/*}/..; pwd)
cd "$certroot"
+. lib/func.sh
umask 022
## Archive any existing CA.
## Build a new one.
mkdir -m750 private
mkdir -m775 certs crls index index/byhash index/byserial state tmp
-chown root:ca certs crls index index/byhash index/byserial private state tmp
+chown $ca_owner:$ca_group certs crls index index/byhash index/byserial private state tmp
touch state/db
echo 01 >state/serial
echo 01 >state/crlnumber
openssl req -new -config openssl.conf -x509 -days 3650 \
-out ca.cert -keyout private/ca.key \
-subj "$subject"
-chown root:ca private/ca.key
+chown $ca_owner:$ca_group private/ca.key
chmod 644 ca.cert