Almost a complete rewrite.
diff --git a/bin/make-ca-key b/bin/make-ca-key
deleted file mode 100755 (executable)
index d24a902..0000000
+++ /dev/null
@@ -1,46 +0,0 @@
-#! /bin/sh
-
-set -e
-certroot=$(cd ${0%/*}/..; pwd)
-cd "$certroot"
-. lib/func.sh
-umask 022
-
-## Archive any existing CA.
-if [ -f ca.cert ]; then
-  mkdir -p archive
-  if [ -f archive/state/serial ]; then
-    next=$(cat archive/state/serial)
-  else
-    mkdir -p archive/state
-    next=1
-  fi
-  mkdir archive/"$next"
-  mv ca.cert certs crls index private state archive/"$next"/
-  expr "$next" + 1 >archive/state/serial.new
-  mv archive/state/serial.new archive/state/serial
-fi
-
-## Clear out the old CA completely.
-rm -rf certs index private tmp state
-rm -f ca.cert distorted.crl
-
-## Build a new one.
-mkdir -m750 private
-mkdir -m775 certs crls index index/byhash index/byserial state tmp
-chown $ca_owner:$ca_group certs crls index index/byhash index/byserial private state tmp
-touch state/db
-echo 01 >state/serial
-echo 01 >state/crlnumber
-
-## Set the CA subject name.  It won't fit on one line, and there's no
-## good way of continuing it.  Have fun parsing the sed.
-subject=$(sed -n 's:^:/:;1h;2,$H;${x;s/\n//g;p;}' <etc/issuer)
-
-## Build the new CA key and certificate.
-umask 027
-openssl req -new -config openssl.conf -x509 -days 3650 \
-       -out ca.cert -keyout private/ca.key \
-       -subj "$subject"
-chown $ca_owner:$ca_group private/ca.key
-chmod 644 ca.cert