Update PKI: CA is generated with raw dates
parent
ab7ca08a23
commit
96815e15cc
|
@ -21,6 +21,10 @@ SRVCRT=${SHARED_DIR}/server.crt
|
|||
|
||||
# Generate certificates valid for:
|
||||
DAYS=2
|
||||
STARTDATE=150117000000Z
|
||||
ENDDATE=150120235959Z
|
||||
VALIDITY="-startdate ${STARTDATE} -enddate ${ENDDATE}"
|
||||
#VALIDITY="-days ${DAYS}"
|
||||
|
||||
if [ -z "$PS1" ]
|
||||
then
|
||||
|
@ -85,6 +89,7 @@ case $1 in
|
|||
echo $ECHO_OPTS "${GREEN}Making CA key and csr${COLOR_RST}"
|
||||
sed -i 's/=.*#COMMONNAME/= FIC CA #COMMONNAME/' $OPENSSL_CONF
|
||||
sed -i "s/=.*#DIR/= ${ESCAPED} #DIR/" $OPENSSL_CONF
|
||||
sed -i "s/=.*#DAYS/= ${DAYS} #DAYS/" $OPENSSL_CONF
|
||||
|
||||
type pwgen > /dev/null
|
||||
if [ $? -ne 0 ]; then
|
||||
|
@ -113,7 +118,7 @@ case $1 in
|
|||
|
||||
echo $ECHO_OPTS "${GREEN}Self signes the CA certificate${COLOR_RST}"
|
||||
if ! openssl ca -batch -create_serial -out ${CACRT} \
|
||||
-days ${DAYS} -keyfile ${CAKEY} \
|
||||
${VALIDITY} -keyfile ${CAKEY} \
|
||||
-selfsign -extensions CORE_CA -config ${OPENSSL_CONF} \
|
||||
-infiles ${CAREQ} > $OUTPUT 2>&1
|
||||
then
|
||||
|
@ -140,6 +145,7 @@ case $1 in
|
|||
exit 2
|
||||
fi
|
||||
sed -i "s/=.*#COMMONNAME/=$2#COMMONNAME/" $OPENSSL_CONF
|
||||
sed -i "s/=.*#DAYS/= ${DAYS} #DAYS/" $OPENSSL_CONF
|
||||
if ! openssl req -batch -new -keyout ${SRVKEY} -out ${SRVREQ} \
|
||||
-days ${DAYS} -config ${OPENSSL_CONF} -extensions SERVER_SSL > $OUTPUT 2>&1
|
||||
then
|
||||
|
@ -195,6 +201,7 @@ case $1 in
|
|||
|
||||
ESCAPED=$(echo "${PKI_DIR}" | sed 's/[\/\.]/\\&/g')
|
||||
sed -i "s/=.*#DIR/= ${ESCAPED} #DIR/" $OPENSSL_CONF
|
||||
sed -i "s/=.*#DAYS/= ${DAYS} #DAYS/" $OPENSSL_CONF
|
||||
|
||||
if ! [ -f ${CAKEY} ]; then
|
||||
echo $ECHO_OPTS "${RED}Can not found the CA's key${COLOR_RST}"
|
||||
|
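Review bot: The validity window added at the top of the script is hard-coded (`STARTDATE=150117000000Z`, `ENDDATE=150120235959Z`), so once `${VALIDITY}` replaces `-days ${DAYS}` in the self-sign `openssl ca` call, any run outside 17–20 January 2015 produces a CA certificate that is not yet valid or already expired, and nothing in the visible lines checks for that. I would let the caller override the dates and document the format, e.g. `STARTDATE=${STARTDATE:-150117000000Z}  # UTCTime, YYMMDDHHMMSSZ`, and the same for `ENDDATE`. In the hunks shown `${VALIDITY}` reaches only the CA; the other paths still get their lifetime from the `#DAYS` rewrite of `default_days`, so a certificate issued late in the window would presumably outlive the CA unless the signing calls, which are outside these hunks, are also given `-enddate ${ENDDATE}`. `${VALIDITY}` has to stay unquoted so that it splits into four arguments; a short comment such as `# VALIDITY is word-split into openssl options; do not quote` would keep a later cleanup from breaking it.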
|
|
@ -68,8 +68,8 @@ cert_opt = ca_default # Certificate field options
|
|||
# crlnumber must also be commented out to leave a V1 CRL.
|
||||
# crl_extensions = crl_ext
|
||||
|
||||
default_days = 2 # how long to certify for
|
||||
default_crl_days= 30 # how long before next CRL
|
||||
default_days = 2 #DAYS
|
||||
default_crl_days= 1 # how long before next CRL
|
||||
default_md = default # use public key default MD
|
||||
preserve = no # keep passed DN ordering
|
||||
|
||||
|
|
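Review bot: The `default_crl_days` value appears to drop from 30 to 1, which makes every CRL stale 24 hours after it is issued; relying parties that enforce nextUpdate will then reject the CRL, and depending on their configuration either fail all connections or skip revocation checking. Nothing on this page shows the CRL being regenerated daily, so that should be confirmed or the value sized to the length of the event. The trailing `#DAYS` on `default_days` is now a marker that the script's `sed` rewrite depends on, but it replaces the old explanation; I would keep both by adding a line above it, `# how long to certify for; the #DAYS marker is rewritten by the PKI script, do not remove`.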