+++ /dev/null
-#! /bin/sh
-
-set -e
-certroot=$(cd ${0%/*}/..; pwd)
-cd "$certroot"
-. lib/func.sh
-umask 022
-
-## Archive any existing CA.
-if [ -f ca.cert ]; then
- mkdir -p archive
- if [ -f archive/state/serial ]; then
- next=$(cat archive/state/serial)
- else
- mkdir -p archive/state
- next=1
- fi
- mkdir archive/"$next"
- mv ca.cert certs crls index private state archive/"$next"/
- expr "$next" + 1 >archive/state/serial.new
- mv archive/state/serial.new archive/state/serial
-fi
-
-## Clear out the old CA completely.
-rm -rf certs index private tmp state
-rm -f ca.cert distorted.crl
-
-## Build a new one.
-mkdir -m750 private
-mkdir -m775 certs crls index index/byhash index/byserial state tmp
-chown $ca_owner:$ca_group certs crls index index/byhash index/byserial private state tmp
-touch state/db
-echo 01 >state/serial
-echo 01 >state/crlnumber
-
-## Set the CA subject name. It won't fit on one line, and there's no
-## good way of continuing it. Have fun parsing the sed.
-subject=$(sed -n 's:^:/:;1h;2,$H;${x;s/\n//g;p;}' <etc/issuer)
-
-## Build the new CA key and certificate.
-umask 027
-openssl req -new -config openssl.conf -x509 -days 3650 \
- -out ca.cert -keyout private/ca.key \
- -subj "$subject"
-chown $ca_owner:$ca_group private/ca.key
-chmod 644 ca.cert