~mdw / ca / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
config.tcl: New profile for devices which can't accept certificate updates.
[ca] / bin / update
diff --git a/bin/update b/bin/update
index 7031c25..fb46363 100755 (executable)
--- a/bin/update
+++ b/bin/update
@@ -30,6 +30,9 @@ sqlite3 db "$CERTROOT/state/ca.db"
 db nullvalue nil
 cd "$CERTROOT"
 
+## Refresh the database's idea of request profiles.
+sync-profiles
+
 ## Reissue certificates for requests which need it.
 set now [now]
 set now_db [time-db $now]
@@ -50,6 +53,10 @@ archive-certificates
 exec openssl ca -config "etc/openssl.conf" -updatedb 2>@1
 
 ## Generate a CRL.
-exec openssl ca -config "etc/openssl.conf" -gencrl -out "crl" 2>@1
+exec openssl ca -config "etc/openssl.conf" -gencrl | \
+    openssl crl -text -out "crl" 2>@1
+
+## Call the user hook.
+update-hook
 
 ###----- That's all, folks --------------------------------------------------
A simple X.509 certificate authority.