3 # Sign a certificate request as a CA. Run this on deleuze as an
6 # Usage: ca-sign days request.csr out-cert-file.pem
8 if test -n "$3" ||
test -z "$2"; then
9 echo "Incorrect arguments."
10 echo "Usage: ca-sign days request.csr out-cert-file.pem"
16 POLICY
=policy_anything
18 # Certificate revocation list
21 CA_LOC
=/afs
/hcoop.net
/user
/h
/hc
/hcoop
/public_html
/ca
26 ID
=$
(cat -- $DIR/serial
)
29 echo "Signing certificate request $REQUEST ..."
30 openssl ca
-config $CONF -policy $POLICY -out $PEM -in $REQUEST -days $DAYS
33 # Make a copy of the request
34 cp $REQUEST $DIR/requests
/$ID.csr
36 # Update revocation list.
37 echo "Updating certificate revocation list ..."
38 openssl ca
-config $CONF -batch -gencrl -crldays 30 -out $CRL1.pem
39 openssl crl
-outform DER
-out $CRL1.crl
-in $CRL1.pem
40 openssl ca
-config $CONF -batch -gencrl -crldays 30 -crlexts crl_ext \
42 openssl crl
-outform DER
-out $CRL2.crl
-in $CRL2.pem
43 cp $CRL1.crl
$CRL2.crl
$CA_LOC
46 echo "Don't forget to run ca-install to install the signed certificate!"