X-Git-Url: https://git.distorted.org.uk/~mdw/ca/blobdiff_plain/69ab55f79b5b6109be503ff8d61fba82b1468360..1f46e0424b4431efa6b2521d82dc8ed371bb10d2:/bin/setup

diff --git a/bin/setup b/bin/setup
index ab3d0b2..b0e2226 100755
--- a/bin/setup
+++ b/bin/setup
@@ -1,4 +1,4 @@
-#! /usr/bin/tclsh8.5
+#! /usr/bin/tclsh
 ### -*-tcl-*-
 ###
 ### Initialize a new certificate authority.
@@ -64,12 +64,15 @@ make-directories 0750 "private"
 set subject ""
 foreach {attr value} $C(ca-name) { append subject "/$attr=$value" }
 exec >@stdout 2>@stderr openssl req -config "etc/openssl.conf"  \
-    -out "ca.cert" -keyout "private/ca.key" \
+    -text -out "ca.cert" -keyout "private/ca.key" \
     -new -x509 -days $C(ca-period) \
     -subj $subject
-file attributes "ca.cert" \
+file attributes "private/ca.key" \
     -owner $C(ca-owner) -group $C(ca-group) \
     -permissions 0640
+file attributes "ca.cert" \
+    -owner $C(ca-owner) -group $C(ca-group) \
+    -permissions 0644
 
 ## Set up the directories for the actual certificates.  These are published
 ## by the web server.