From: Mark Wooding Date: Wed, 30 Nov 2022 10:31:31 +0000 (+0000) Subject: bin/setup, lib/func.tcl: Move root key generation into the library. X-Git-Url: https://git.distorted.org.uk/~mdw/ca/commitdiff_plain/d811166df9c753aa43e9c6e6449b6c0a383ae2bf bin/setup, lib/func.tcl: Move root key generation into the library.
---
diff --git a/bin/setup b/bin/setup
index b0e2226..723a4c0 100755
--- a/bin/setup
+++ b/bin/setup
@@ -61,18 +61,7 @@ file attributes "state/ca.db.new" \
 ## Generate the private CA key.
 make-directories 0750 "private"
-set subject ""
-foreach {attr value} $C(ca-name) { append subject "/$attr=$value" }
-exec >@stdout 2>@stderr openssl req -config "etc/openssl.conf" \
- -text -out "ca.cert" -keyout "private/ca.key" \
- -new -x509 -days $C(ca-period) \
- -subj $subject
-file attributes "private/ca.key" \
- -owner $C(ca-owner) -group $C(ca-group) \
- -permissions 0640
-file attributes "ca.cert" \
- -owner $C(ca-owner) -group $C(ca-group) \
- -permissions 0644
+generate-root-key
 ## Set up the directories for the actual certificates. These are published
 ## by the web server.
diff --git a/lib/func.tcl b/lib/func.tcl
index 3dd35c3..1b53f2f 100644
--- a/lib/func.tcl
+++ b/lib/func.tcl
@@ -496,6 +496,26 @@ proc cert-seq {file} {
 }
 ###--------------------------------------------------------------------------
+### Generating the root key.
+
+proc generate-root-key {} {
+ global C
+
+ set subject ""
+ foreach {attr value} $C(ca-name) { append subject "/$attr=$value" }
+ exec >@stdout 2>@stderr openssl req -config "etc/openssl.conf" \
+ -text -out "ca.cert" -keyout "private/ca.key" \
+ -new -x509 -days $C(ca-period) \
+ -subj $subject
+ file attributes "private/ca.key" \
+ -owner $C(ca-owner) -group $C(ca-group) \
+ -permissions 0640
+ file attributes "ca.cert" \
+ -owner $C(ca-owner) -group $C(ca-group) \
+ -permissions 0644
+}
+
+###--------------------------------------------------------------------------
 ### Certificate requests.
 proc request-match {reqid cond} {
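Review bot: generate-root-key in lib/func.tcl has no header comment stating what it relies on, and as a library proc it can now be called away from the `make-directories 0750 "private"` line that still sits in bin/setup just before the call. The key file is created by `openssl req` first and only afterwards given its owner, group and mode 0640 by `file attributes`, so until that call runs the mode of the `private` directory is presumably what keeps the key away from other users. I would add a comment above the proc such as `## Expects to run in the CA root with "private" already created mode 0750; overwrites any existing "private/ca.key" and "ca.cert".` If regenerating over an existing key is not intended, a guard like `if {[file exists "private/ca.key"]} { error "private/ca.key already exists" }` at the top of the proc would make that explicit.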