X-Git-Url: https://git.hcoop.net/hcoop/domtool2.git/blobdiff_plain/c235081a25cee59ac3cf5e52daaa100e30cd1653..46ff8d372bdb6b66c61ad0a9e7f574396c27f2e1:/scripts/domtool-addcert

diff --git a/scripts/domtool-addcert b/scripts/domtool-addcert
index 0d23333..6e58197 100755
--- a/scripts/domtool-addcert
+++ b/scripts/domtool-addcert
@@ -15,8 +15,8 @@ CERTFILE=/afs/hcoop.net/common/etc/domtool/certs/$USER.pem
 
 mkdir $KEYDIR || echo Key directory already exists.
 openssl genrsa -out $KEYFILE
-chown -R domtool.domtool $KEYDIR
-fs sa $KEYDIR $USER read
+chown -R domtool.nogroup $KEYDIR
+fs sa $KEYDIR $USER read || echo This must be a server principal.
 echo "." >$KEYIN
 echo "." >>$KEYIN
 echo "." >>$KEYIN
@@ -32,4 +32,4 @@ cat $NEWREQ $KEYFILE >$NEW
 rm $NEWREQ
 openssl ca -batch -config /etc/domtool/openssl.cnf -policy policy_anything -out $CERTFILE -infiles $NEW
 rm $NEW
-chown domtool.domtool $CERTFILE
+chown domtool.nogroup $CERTFILE