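#!/bin/sh
#
# Sign a certificate request as a CA. Run this on deleuze as an
# admin.
#
# Usage: ca-sign days request.csr out-cert-file.pem
#
# What it does, in order:
#   1. openssl ca signs the request with the policy below and writes
#      the certificate to out-cert-file.pem (openssl itself updates
#      the CA database and the serial file under $DIR).
#   2. A copy of the request is kept as $DIR/requests/<serial>.csr.
#   3. Both CRL variants (v1 and v2 with crl_ext) are regenerated and
#      the DER copies are published to $CA_LOC.
#
# Exits 1 with a usage message when an argument is missing or days is
# not a decimal number, and non-zero on the first failing command.

# Shell options belong in 'set', not the shebang: '#!/bin/sh -e' is
# silently dropped when the script is run as 'sh ca-sign'.
set -eu

usage() {
  printf 'Usage: %s days request.csr out-cert-file.pem\n' "${0##*/}" >&2
  exit 1
}

# All three arguments are required (the previous version only tested
# $3, so a missing request or day count reached openssl unchecked).
[ "$#" -eq 3 ] || usage
case $1 in
  ''|*[!0-9]*) usage ;;   # days must be a positive decimal count
esac
[ -n "$2" ] || usage
[ -n "$3" ] || usage

DIR=/var/local/lib/ca
CONF=$DIR/openssl.cnf
POLICY=policy_anything

# Certificate revocation list: v1 (no extensions) and v2 (crl_ext).
CRL1=$DIR/crl-v1
CRL2=$DIR/crl-v2
# Public location the DER-encoded CRLs are copied to.
CA_LOC=/afs/hcoop.net/user/h/hc/hcoop/public_html/ca

DAYS=$1
REQUEST=$2
PEM=$3
# Read the serial before signing: openssl ca assigns this value to the
# new certificate and advances the file, so $ID is the serial the
# signed certificate will carry.
ID=$(cat -- "$DIR/serial")

# Sign. Every expansion is quoted so a path containing spaces or glob
# characters reaches openssl as a single argument.
echo "Signing certificate request $REQUEST ..."
openssl ca -config "$CONF" -policy "$POLICY" -out "$PEM" -in "$REQUEST" -days "$DAYS"
echo

# Keep a copy of the request under its serial so it can be matched
# with the issued certificate later. '--' stops cp from reading a
# request name that begins with '-' as an option.
cp -- "$REQUEST" "$DIR/requests/$ID.csr"

# Update revocation list.
echo "Updating certificate revocation list ..."
openssl ca -config "$CONF" -batch -gencrl -crldays 30 -out "$CRL1.pem"
openssl crl -outform DER -out "$CRL1.crl" -in "$CRL1.pem"
openssl ca -config "$CONF" -batch -gencrl -crldays 30 -crlexts crl_ext \
  -out "$CRL2.pem"
openssl crl -outform DER -out "$CRL2.crl" -in "$CRL2.pem"
cp -- "$CRL1.crl" "$CRL2.crl" "$CA_LOC"
echo

echo "Don't forget to run ca-install to install the signed certificate!"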