4 certroot=$(cd ${0%/*}/..; pwd)
8 ## Archive any existing CA.
9 if [ -f ca.cert ]; then
11 if [ -f archive/state/serial ]; then
12 next=$(cat archive/state/serial)
14 mkdir -p archive/state
18 mv ca.cert certs crls index private state archive/"$next"/
19 expr "$next" + 1 >archive/state/serial.new
20 mv archive/state/serial.new archive/state/serial
23 ## Clear out the old CA completely.
24 rm -rf certs index private tmp state
25 rm -f ca.cert distorted.crl
29 mkdir -m775 certs crls index index/byhash index/byserial state tmp
30 chown root:ca certs crls index index/byhash index/byserial private state tmp
33 echo 01 >state/crlnumber
35 ## Set the CA subject name. It won't fit on one line, and there's no
36 ## good way of continuing it. Have fun parsing the sed.
37 subject=$(sed -n 's:^:/:;1h;2,$H;${x;s/\n//g;p;}' <<EOF
41 OU=Certificate Authority
42 CN=distorted.org.uk top-level CA
43 emailAddress=ca@distorted.org.uk
47 ## Build the new CA key and certificate.
49 openssl req -new -config openssl.conf -x509 -days 3650 \
50 -out ca.cert -keyout private/ca.key \
52 chown root:ca private/ca.key