Commit 1a112caf authored by nimrod's avatar nimrod

- Only allow the CA to be a CA.

- Forgot to explicitly set the RSA key size to be 2048 (defaulted to 512).
parent cf282055
...@@ -34,6 +34,12 @@ RANDFILE = /dev/urandom ...@@ -34,6 +34,12 @@ RANDFILE = /dev/urandom
#OU = Organizational unit #OU = Organizational unit
#emailAddress = email address #emailAddress = email address
CN = *.*.\${ENV::domain} CN = *.*.\${ENV::domain}
[ v3_ca ]
basicConstraints = CA:true
[ v3_req ]
basicConstraints = CA:false
" "
usage () { usage () {
...@@ -54,6 +60,7 @@ init () { ...@@ -54,6 +60,7 @@ init () {
-new \ -new \
-newkey rsa:2048 \ -newkey rsa:2048 \
-keyout CA.key \ -keyout CA.key \
-extensions v3_ca \
-out CA.crt -out CA.crt
} }
...@@ -87,7 +94,7 @@ sign_key () { ...@@ -87,7 +94,7 @@ sign_key () {
-out "certs/$1" \ -out "certs/$1" \
-CA CA.crt \ -CA CA.crt \
-set_serial $seed \ -set_serial $seed \
-extensions v3_ca \ -extensions v3_req \
-CAkey CA.key -CAkey CA.key
rm "$csr" rm "$csr"
} }
...@@ -108,7 +115,7 @@ gen_key () { ...@@ -108,7 +115,7 @@ gen_key () {
echo "Key already exists." echo "Key already exists."
exit 1 exit 1
fi fi
openssl genrsa -out "keys/$1" openssl genrsa -out "keys/$1" 2048
} }
if [ $# -lt 1 ] if [ $# -lt 1 ]
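Review bot: The new `[ v3_ca ]` section sets `basicConstraints = CA:true` without the critical flag, a path length, or a key usage, although RFC 5280 expects basicConstraints to be critical in CA certificates. Consider `basicConstraints = critical, CA:true, pathlen:0` together with `keyUsage = critical, keyCertSign, cRLSign`, so the CA certificate is limited to signing end-entity certificates and CRLs. `[ v3_req ]` would likewise benefit from an explicit `keyUsage` and `extendedKeyUsage = serverAuth`, so issued certificates are restricted to their intended purpose as well as marked `CA:false`. Separately, in `sign_key` the `-extensions v3_req` switch names a section of the file passed with `-extfile`. The start of that `openssl x509` command is outside the hunk, so it is worth confirming that `-extfile` is present and that a freshly signed certificate actually shows `CA:FALSE` in `openssl x509 -noout -text`.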