From 37ce996ea41011d5bc35da642f8ea6f61a838c56 Mon Sep 17 00:00:00 2001
From: Someone
Date: Thu, 5 Feb 2015 02:59:17 +0100
Subject: [PATCH] fix broken CA creation.

---
 certgen.sh | 3 +--
 openssl.cnf | 4 +++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/certgen.sh b/certgen.sh
index b7dc932..4c9a822 100755
--- a/certgen.sh
+++ b/certgen.sh
@@ -31,8 +31,7 @@ while read cdline ; do
 mkdir -m 0700 certs crl newcerts
 touch index.txt
 export CA_PATH="./"
- openssl req -batch -new -newkey rsa:4096 -keyout ca.key -out ca.csr -nodes -subj "${certdata[2]}" -reqexts v3_ca_req -config "${MYPWD}/openssl.cnf" &>/dev/null
- openssl ca -batch -create_serial -out ca.crt -days 3650 -keyfile ca.key -selfsign -extensions v3_ca -config "${MYPWD}/openssl.cnf" -infiles ca.csr
+ openssl req -batch -new -x509 -newkey rsa:4096 -keyout ca.key -out ca.crt -nodes -subj "${certdata[2]}" -reqexts v3_ca_req -config "${MYPWD}/openssl.cnf" &>/dev/null
 continue
 fi
diff --git a/openssl.cnf b/openssl.cnf
index fee123c..22f4eb8 100644
--- a/openssl.cnf
+++ b/openssl.cnf
@@ -14,9 +14,10 @@ default_crl_days = 365 # how long before next CRL
 default_md = sha512 # use public key default MD
 preserve = no # keep passed DN ordering
-unique_subject = no
 email_in_dn = no # Don't concat the email in the DN
 copy_extensions = copyall # Required to copy SANs from CSR to cert
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
 dir = ${ENV::CA_PATH}
 new_certs_dir = $dir/certs
@@ -26,6 +27,7 @@ certificate = $dir/ca.crt
 x509_extensions = ca_extensions
 policy = ca_match
+unique_subject = no
 [ ca_extensions ]
 crlDistributionPoints=URI:http://www.somenet.org/somenet.crl
-- 
2.43.0
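Review bot: In the certgen.sh hunk, the new `openssl req -x509` line no longer carries the `-days 3650` that the removed `openssl ca` call had, so the CA certificate gets `req`'s default lifetime of 30 days unless something outside this hunk sets it. With `-x509`, `req` takes certificate extensions from `-extensions` or the config's `x509_extensions`, not from `-reqexts`, so `v3_ca_req` is probably ignored and the CA constraints that `-extensions v3_ca` used to apply may be missing; the `[ req ]` section of openssl.cnf is not visible here, so check the result with `openssl x509 -in ca.crt -noout -text`. I would replace `-reqexts v3_ca_req` on that line with `-days 3650 -extensions v3_ca`. Separately, `&>/dev/null` followed by `continue` discards both the error text and the exit status, so a failed CA build goes unnoticed, and `-nodes` leaves `ca.key` unencrypted, which makes an explicit `chmod 600 ca.key` (or a restrictive `umask` before the call) worth adding. The enclosing `while`/`if` block starts and ends outside the hunk.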
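Review bot: In the first openssl.cnf hunk, the unchanged line `copy_extensions = copyall` stays on the new side, and it lets a CSR's own extensions replace the ones the CA would set, including `basicConstraints`. Since the script drives OpenSSL with `-batch`, nobody reviews the request before it is signed, so a CSR carrying `CA:TRUE` would presumably come back as a CA certificate; whether later `openssl ca` calls exist is outside this diff. To keep SANs without that risk, use `copy_extensions = copy` and set `basicConstraints = critical,CA:FALSE` in the section used for issued certificates, because `copy` only adds extensions the certificate does not already have. The moved `unique_subject = no` in the second hunk looks behaviour-neutral if both positions are in the same CA section, and it could get a trailing comment like its neighbours, for example `# allow several valid certs with the same subject`.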