set -e
certroot=$(cd ${0%/*}/..; pwd)
cd "$certroot"
+. lib/func.sh
umask 022
## Archive any existing CA.
## Build a new one.
mkdir -m750 private
mkdir -m775 certs crls index index/byhash index/byserial state tmp
-chown root:ca certs crls index index/byhash index/byserial private state tmp
+chown $ca_owner:$ca_group certs crls index index/byhash index/byserial private state tmp
touch state/db
echo 01 >state/serial
echo 01 >state/crlnumber
## Set the CA subject name. It won't fit on one line, and there's no
## good way of continuing it. Have fun parsing the sed.
-subject=$(sed -n 's:^:/:;1h;2,$H;${x;s/\n//g;p;}' <<EOF
-C=GB
-ST=Cambridgeshire
-O=distorted.org.uk
-OU=Certificate Authority
-CN=distorted.org.uk top-level CA
-emailAddress=ca@distorted.org.uk
-EOF
-)
+subject=$(sed -n 's:^:/:;1h;2,$H;${x;s/\n//g;p;}' <etc/issuer)
## Build the new CA key and certificate.
umask 027
openssl req -new -config openssl.conf -x509 -days 3650 \
-out ca.cert -keyout private/ca.key \
-subj "$subject"
-chown root:ca private/ca.key
+chown $ca_owner:$ca_group private/ca.key
chmod 644 ca.cert
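Review bot: The two new `chown $ca_owner:$ca_group` calls (on the directory list and on `private/ca.key`) expand the variables unquoted and never check that they are set; they are presumably defined by `lib/func.sh` or a config file it reads, which is not visible here. With only `set -e` in effect, an empty pair expands to `chown : …`, which GNU chown, as far as I know, treats as "change nothing" and exits 0. In that case the CA key and `private/` would silently keep the invoking user's ownership instead of the intended owner and group. I would fail early right after the `. lib/func.sh` line with `: "${ca_owner:?}" "${ca_group:?}"` and quote the operand as `chown "$ca_owner:$ca_group" …` in both places.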