3 # Sign a certificate request as a CA. Run this on deleuze as an
6 # Usage: ca-sign days request.csr out-cert-file.pem
12 POLICY
=policy_anything
14 # Certificate revocation list
17 CA_LOC
=/afs
/hcoop.net
/user
/h
/hc
/hcoop
/public_html
/ca
22 ID
=$
(cat -- $DIR/serial
)
25 echo "Signing certificate request $REQUEST ..."
26 openssl ca
-config $CONF -policy $POLICY -out $PEM -in $REQUEST -days $DAYS
29 # Make a copy of the request
30 cp $REQUEST $DIR/requests
/$ID.csr
32 # Update revocation list.
33 echo "Updating certificate revocation list ..."
34 openssl ca
-config $CONF -batch -gencrl -crldays 30 -out $CRL1.pem
35 openssl crl
-outform DER
-out $CRL1.crl
-in $CRL1.pem
36 openssl ca
-config $CONF -batch -gencrl -crldays 30 -crlexts crl_ext \
38 openssl crl
-outform DER
-out $CRL2.crl
-in $CRL2.pem
39 cp $CRL1.crl
$CRL2.crl
$CA_LOC
42 echo "Don't forget to run ca-install to install the signed certificate!"