## Generate the private CA key.
make-directories 0750 "private"
-set subject ""
-foreach {attr value} $C(ca-name) { append subject "/$attr=$value" }
-exec >@stdout 2>@stderr openssl req -config "etc/openssl.conf" \
- -text -out "ca.cert" -keyout "private/ca.key" \
- -new -x509 -days $C(ca-period) \
- -subj $subject
-file attributes "private/ca.key" \
- -owner $C(ca-owner) -group $C(ca-group) \
- -permissions 0640
-file attributes "ca.cert" \
- -owner $C(ca-owner) -group $C(ca-group) \
- -permissions 0644
+generate-root-key
## Set up the directories for the actual certificates. These are published
## by the web server.
return [expr 0x$serial + 0]
}
+###--------------------------------------------------------------------------
+### Generating the root key.
+
+proc generate-root-key {} {
+ global C
+
+ set subject ""
+ foreach {attr value} $C(ca-name) { append subject "/$attr=$value" }
+ exec >@stdout 2>@stderr openssl req -config "etc/openssl.conf" \
+ -text -out "ca.cert" -keyout "private/ca.key" \
+ -new -x509 -days $C(ca-period) \
+ -subj $subject
+ file attributes "private/ca.key" \
+ -owner $C(ca-owner) -group $C(ca-group) \
+ -permissions 0640
+ file attributes "ca.cert" \
+ -owner $C(ca-owner) -group $C(ca-group) \
+ -permissions 0644
+}
+
###--------------------------------------------------------------------------
### Certificate requests.
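Review bot: The new `generate-root-key` proc has no header comment, and it carries two preconditions that are now easy to miss because the code has moved away from the `make-directories 0750 "private"` call. First, the `private` directory must already exist. Second, `openssl req` creates `private/ca.key` under the process umask, and the file is only restricted afterwards by `file attributes ... -permissions 0640`, so until then the key is protected solely by the directory mode. I would add a comment above the proc such as `## Caller must have created "private" with restrictive permissions; the key is written under the current umask and tightened to 0640 afterwards.` Whether the key is written encrypted depends on `etc/openssl.conf`, which is not visible here, so it may be worth noting in the same comment.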