X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/ca/blobdiff_plain/ea87b7f0cb41e601607b22ebea329485db0faada..d811166df9c753aa43e9c6e6449b6c0a383ae2bf:/lib/func.tcl

diff --git a/lib/func.tcl b/lib/func.tcl
index 3dd35c3..1b53f2f 100644
--- a/lib/func.tcl
+++ b/lib/func.tcl
@@ -495,6 +495,26 @@ proc cert-seq {file} {
   return [expr 0x$serial + 0]
 }
 
+###--------------------------------------------------------------------------
+### Generating the root key.
+
+proc generate-root-key {} {
+  global C
+
+  set subject ""
+  foreach {attr value} $C(ca-name) { append subject "/$attr=$value" }
+  exec >@stdout 2>@stderr openssl req -config "etc/openssl.conf"  \
+      -text -out "ca.cert" -keyout "private/ca.key" \
+      -new -x509 -days $C(ca-period) \
+      -subj $subject
+  file attributes "private/ca.key" \
+      -owner $C(ca-owner) -group $C(ca-group) \
+      -permissions 0640
+  file attributes "ca.cert" \
+      -owner $C(ca-owner) -group $C(ca-group) \
+      -permissions 0644
+}
+
 ###--------------------------------------------------------------------------
 ### Certificate requests.