4 certroot=$(cd ${0%/*}/..; pwd)
9 ## Archive any existing CA.
10 if [ -f ca.cert ]; then
12 if [ -f archive/state/serial ]; then
13 next=$(cat archive/state/serial)
15 mkdir -p archive/state
19 mv ca.cert certs crls index private state archive/"$next"/
20 expr "$next" + 1 >archive/state/serial.new
21 mv archive/state/serial.new archive/state/serial
24 ## Clear out the old CA completely.
25 rm -rf certs index private tmp state
26 rm -f ca.cert distorted.crl
30 mkdir -m775 certs crls index index/byhash index/byserial state tmp
31 chown $ca_owner:$ca_group certs crls index index/byhash index/byserial private state tmp
34 echo 01 >state/crlnumber
36 ## Set the CA subject name. It won't fit on one line, and there's no
37 ## good way of continuing it. Have fun parsing the sed.
38 subject=$(sed -n 's:^:/:;1h;2,$H;${x;s/\n//g;p;}' <etc/issuer)
40 ## Build the new CA key and certificate.
42 openssl req -new -config openssl.conf -x509 -days 3650 \
43 -out ca.cert -keyout private/ca.key \
45 chown $ca_owner:$ca_group private/ca.key