author | Richard Levitte <levitte@openssl.org> | 2003-04-03 22:33:59 +0000 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2003-04-03 22:33:59 +0000 |
commit | 16b1b03543fc6362f9e48f1bd9d4b153ea58c553 (patch) | |
tree | a7d45496f96476ba095e385f7a3502dde1f9b6b7 /apps/CA.pl.in | |
parent | e6526fbf4dc894d71ae3517a1ba484475b79b402 (diff) |
Implement self-signing in 'openssl ca'. This makes it easier to have
the CA certificate part of the CA database, and combined with
'unique_subject=no', it should make operations like CA certificate
roll-over easier.
Diffstat (limited to 'apps/CA.pl.in')
-rw-r--r-- | apps/CA.pl.in | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/apps/CA.pl.in b/apps/CA.pl.in index 8b2ce7ea42..2242f7e03b 100644 --- a/apps/CA.pl.in +++ b/apps/CA.pl.in @@ -37,7 +37,8 @@ # demoCA ... where everything is stored $SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"}; -$DAYS="-days 365"; +$DAYS="-days 365"; # 1 year +$CADAYS="-days 1095"; # 3 years $REQ="openssl req $SSLEAY_CONFIG"; $CA="openssl ca $SSLEAY_CONFIG"; $VERIFY="openssl verify"; @@ -46,6 +47,7 @@ $PKCS12="openssl pkcs12"; $CATOP="./demoCA"; $CAKEY="cakey.pem"; +$CAREQ="careq.pem"; $CACERT="cacert.pem"; $DIRMODE = 0777; @@ -101,8 +103,11 @@ foreach (@ARGV) { $RET=$?; } else { print "Making CA certificate ...\n"; - system ("$REQ -new -x509 -keyout " . - "${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS"); + system ("$REQ -new -keyout " . + "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ"); + system ("$CA -out ${CATOP}/$CACERT $CADAYS -batch " . + "-keyfile ${CATOP}/private/$CAKEY -selfsign " . + "-infiles ${CATOP}/$CAREQ "); $RET=$?; } } |
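Review bot: The first hunk's new `$CADAYS="-days 1095"` changes the CA certificate's validity without saying so anywhere. The removed `$REQ -new -x509 ... $DAYS` call issued the CA certificate for 365 days, while the new `$CA ... $CADAYS ... -selfsign` call issues it for 1095. Please state the validity change in the commit message, and extend the `# 3 years` comment to say that this value applies to the self-signed CA certificate, so the two settings are not confused.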
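Review bot: In the last hunk the exit status of the first `system()` call (`$REQ -new -keyout ...`) is never checked, so `$RET=$?` now reflects only the `$CA ... -selfsign` call. If request generation fails, the script still runs `openssl ca` on `${CATOP}/$CAREQ`, which may be missing or left over from an earlier run, and the failure of the first step is not reported in `$RET`. Suggest saving `$?` after the req call and running the ca step only when it is zero. The trailing space inside `"-infiles ${CATOP}/$CAREQ "` can also be dropped.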