HCoop Git - clinton/scripts.git/blame_incremental

... / ...

Commit	Line	Data
	1	#!/bin/sh -e
	2	#
	3	# Sign a certificate request as a CA. Run this on deleuze as an
	4	# admin.
	5	#
	6	# Usage: ca-sign days request.csr out-cert-file.pem
	7
	8	if test -n "$3" \|\| test -z "$2"; then
	9	echo "Incorrect arguments."
	10	echo "Usage: ca-sign days request.csr out-cert-file.pem"
	11	exit 1
	12	fi
	13
	14	DIR=/var/local/lib/ca
	15	CONF=$DIR/openssl.cnf
	16	POLICY=policy_anything
	17
	18	# Certificate revocation list
	19	CRL1=$DIR/crl-v1
	20	CRL2=$DIR/crl-v2
	21	CA_LOC=/afs/hcoop.net/user/h/hc/hcoop/public_html/ca
	22
	23	DAYS=$1
	24	REQUEST=$2
	25	PEM=$3
	26	ID=$(cat -- $DIR/serial)
	27
	28	# Sign.
	29	echo "Signing certificate request $REQUEST ..."
	30	openssl ca -config $CONF -policy $POLICY -out $PEM -in $REQUEST -days $DAYS
	31	echo
	32
	33	# Make a copy of the request
	34	cp $REQUEST $DIR/requests/$ID.csr
	35
	36	# Update revocation list.
	37	echo "Updating certificate revocation list ..."
	38	openssl ca -config $CONF -batch -gencrl -crldays 30 -out $CRL1.pem
	39	openssl crl -outform DER -out $CRL1.crl -in $CRL1.pem
	40	openssl ca -config $CONF -batch -gencrl -crldays 30 -crlexts crl_ext \
	41	-out $CRL2.pem
	42	openssl crl -outform DER -out $CRL2.crl -in $CRL2.pem
	43	cp $CRL1.crl $CRL2.crl $CA_LOC
	44	echo
	45
	46	echo "Don't forget to run ca-install to install the signed certificate!"