CA.sh: fixed newserver

2013-11-29 03:15:33 +01:00 · 2013-11-29 03:15:33 +01:00 · cc5bd08c37
commit cc5bd08c37
parent 9cc1110717
1 changed files with 7 additions and 5 deletions
--- a/misc/CA.sh
+++ b/misc/CA.sh
@ -1,7 +1,7 @@
 # TODO key usage

 if [[ -z "${TOP_DIR}" ]]; then
-    TOP_DIR=fic_pki
+    TOP_DIR=pki
 fi

 if [[ -z "${OPENSSL_CONF}" ]]; then
@ -51,7 +51,7 @@ case $1 in
            exit 5
        fi

-        pass=`pwgen 10 1`
+        pass=`pwgen -n -B -y 12 1`

        openssl req -batch -new -keyout ${TOP_DIR}/private/${CAKEY}         \
                    -out ${TOP_DIR}/${CAREQ} -passout pass:$pass            \
@ -74,9 +74,11 @@ case $1 in
            exit 2
        fi
        sed -i 's/=.*#COMMONNAME/= FIC2014 Server #COMMONNAME/' $OPENSSL_CONF
-        openssl req -batch -new -keyout server.key -out server.csr -days ${DAYS}
+        openssl req -batch -new -keyout server.key -out server.csr          \
+                    -days ${DAYS} -config ${OPENSS_CONF}
        echo -e "${GREEN}Signing the Server crt${COLOR_RST}"
-        openssl ca -policy policy_match -out server.crt -infiles server.csr
+        openssl ca -policy policy_match -config ${OPENSSL_CONF}             \
+                   -out server.crt -infiles server.csr
        if [ $? -ne 0 ]; then
            echo -e "${RED}Signing failed for new server${COLOR_RST}"
            rm -rf server.key server.crt server.csr
@ -106,7 +108,7 @@ case $1 in
            exit 5
        fi

-        pass=`pwgen 10 1`
+        pass=`pwgen -n -B -y 12 1`

        openssl req -batch -new -keyout ${2}.key -out ${2}.csr              \
                    -config ${OPENSSL_CONF} -passout pass:$pass -days ${DAYS}