~mdw / ca / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
bin/make-ca-key, lib/func.sh: Make user and group names configurable.
[ca] / bin / make-ca-key
diff --git a/bin/make-ca-key b/bin/make-ca-key
index bb3f83b..d24a902 100755 (executable)
--- a/bin/make-ca-key
+++ b/bin/make-ca-key
@@ -3,6 +3,7 @@
 set -e
 certroot=$(cd ${0%/*}/..; pwd)
 cd "$certroot"
+. lib/func.sh
 umask 022
 
 ## Archive any existing CA.
@@ -27,7 +28,7 @@ rm -f ca.cert distorted.crl
 ## Build a new one.
 mkdir -m750 private
 mkdir -m775 certs crls index index/byhash index/byserial state tmp
-chown root:ca certs crls index index/byhash index/byserial private state tmp
+chown $ca_owner:$ca_group certs crls index index/byhash index/byserial private state tmp
 touch state/db
 echo 01 >state/serial
 echo 01 >state/crlnumber
@@ -41,5 +42,5 @@ umask 027
 openssl req -new -config openssl.conf -x509 -days 3650 \
        -out ca.cert -keyout private/ca.key \
        -subj "$subject"
-chown root:ca private/ca.key
+chown $ca_owner:$ca_group private/ca.key
 chmod 644 ca.cert
A simple X.509 certificate authority.