authorJonas Smedegaard <dr@jones.dk>2005-10-20 17:13:25 +0000
committerJonas Smedegaard <dr@jones.dk>2005-10-20 17:13:25 +0000
commiteed72e3f3d8cedd92ea3d888f2ba9a2c24ed70a8 (patch)
treea74393c9defc79ef1b30c1cdc9f0632ed4d06d57 /localmksslcerts
parent88f0d87066880385f5fe9173f98b65b55818525b (diff)
Generate CSR for external CA as documented at http://wiki.cacert.org/ .
Diffstat (limited to 'localmksslcerts')
-rwxr-xr-xlocalmksslcerts36
1 files changed, 28 insertions, 8 deletions
diff --git a/localmksslcerts b/localmksslcerts
index 742a04a..15bc78c 100755
--- a/localmksslcerts
+++ b/localmksslcerts
@@ -3,7 +3,7 @@
# /usr/local/sbin/localmksslcerts
# Copyright 2001-2005 Jonas Smedegaard <dr@jones.dk>
#
-# $Id: localmksslcerts,v 1.21 2005-10-19 19:07:19 jonas Exp $
+# $Id: localmksslcerts,v 1.22 2005-10-20 17:13:25 jonas Exp $
#
# Generate certificates for mail (and other) servers
# Based on uw-imapd-ssl post-install script
@@ -69,7 +69,29 @@ $issuer
mkcerthash "$base"
}
-mkkey() {
+mkcertreq() {
+ base="$1"
+ domain="$2"
+ keypath="$SSLKEYDIR/$base.pem"
+ reqpath="$SSLCERTDIR/$base.csr"
+ openssl req -nodes -new \
+ -keyout "$keypath" \
+ -out "$reqpath" > /dev/null 2>&1 <<+
+$cn
+$state
+$loc
+$org
+$ou
+$domain
+$issuer
+.
+.
++
+ chown root:root "$reqpath"
+ chmod 0640 "$reqpath"
+}
+
+mkselfkey() {
filebase="$1"
keypath="$SSLKEYDIR/$filebase.pem"
openssl genrsa \
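Review bot: The new `mkcertreq` writes an unencrypted private key (`-nodes -keyout "$keypath"`) but sets ownership and mode only on the request file, so the key's permissions are left to the umask and to the mode of `$SSLKEYDIR`, neither of which is visible here. The `mkselfkey` path does end with `chmod 0600 "$keypath"` (context in the next hunk), so the two key-generating functions should agree: add `chown root:root "$keypath"` and `chmod 0600 "$keypath"` after the `openssl req` call, or set `umask 077` before it so the file is never briefly readable. No key size is passed to `openssl req` either, so the strength of the key on the CA path comes from the openssl configuration defaults rather than from this script. `mkselfkey`'s body continues outside the hunk.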
@@ -78,7 +100,7 @@ mkkey() {
chmod 0600 "$keypath"
}
-mkcertreq() {
+mkselfcertreq() {
base="$1"
domain="$2"
keypath="$SSLKEYDIR/$base.pem"
@@ -279,9 +301,7 @@ case "$certtype" in
;;
ca)
if [ ! -f "$SSLCERTDIR/$fqdn.pem" ] || [ -n "$force" ]; then
- echo "Generating host key for \"$fqdn\"..."
- mkkey "$fqdn"
- echo "Generating certificate request for \"$fqdn\"..."
+ echo "Generating host key and certificate request for \"$fqdn\"..."
mkcertreq "$fqdn" "$fqdn"
echo "Certificate request generated: $SSLCERTDIR/$fqdn.csr!"
echo
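Review bot: "Certificate request generated" is echoed straight after `mkcertreq "$fqdn" "$fqdn"` with no status check, and `mkcertreq` sends all of openssl's output to `/dev/null`, so a failed key or CSR generation is silent unless the script runs under `set -e` somewhere outside the visible hunks. With `$force` set, a stale `.csr` from an earlier run would also let the trailing `chown`/`chmod` succeed, so the function's own exit status may not reflect an openssl failure. Checking the result here, e.g. `mkcertreq "$fqdn" "$fqdn" || { echo "Certificate request failed for \"$fqdn\"" >&2; exit 1; }`, and having `mkcertreq` return non-zero when `openssl req` fails, would keep an operator from submitting an outdated request. The `ca)` branch continues outside the hunk.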
@@ -331,9 +351,9 @@ case "$certtype" in
mkcacert "$cacert"
fi
echo "Generating host key for \"$fqdn\"..."
- mkkey "$fqdn"
+ mkselfkey "$fqdn"
echo "Generating host certificate for \"$fqdn\"..."
- mkcertreq "$fqdn" "$fqdn"
+ mkselfcertreq "$fqdn" "$fqdn"
mkselfcacert "$fqdn" "$fqdn" "$cacert"
rm "$SSLCERTDIR/$fqdn.csr"
;;