From: Mark Wooding <mdw@distorted.org.uk>
Date: Thu, 6 Dec 2012 03:43:25 +0000 (+0000)
Subject: Merge branch 'master' of git://git.distorted.org.uk/~mdw/ca
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/ca/commitdiff_plain/0f9d9bad47d069fb05f3f1d937c42125a14c95ea?hp=92c78e4a0cb5e237850ed13ec52684f78471bf0e

Merge branch 'master' of git://git.distorted.org.uk/~mdw/ca

* 'master' of git://git.distorted.org.uk/~mdw/ca:
  lib/func.tcl: Stupid long-standing typo in `sync-profiles'.
  test/update: Run `bin/update' before adding requests.
  bin/add: Don't allow adding requests with defunct profiles.
  bin/update: Refresh the profiles in the database from the configuration.
  lib/func.tcl, test/unit: Fix spin in `next-matching-date' and test.
  test/{init->update}: Less mad name for this test.
---

diff --git a/etc/config.tcl b/etc/config.tcl
index c471518..812b1d3 100644
--- a/etc/config.tcl
+++ b/etc/config.tcl
@@ -1,23 +1,32 @@
 ### -*-tcl-*-
 
-set C(ca-owner) "mdw"
-set C(ca-group) "mdw"
-set C(ca-user) "mdw"
+set C(ca-owner) "root"
+set C(ca-group) "ca"
+
+set C(ca-name) {
+  countryName "GB"
+  stateOrProvinceName "Cambridgeshire"
+  localityName "Cambridge"
+  organizationName "distorted.org.uk"
+  commonName "distorted.org.uk Certificate Authority"
+  emailAddress "ca@distorted.org.uk"
+}
 
 set P(tls-client) {
   extensions tls-client-extensions
-  issue-time "*-*-* 03:00:00"
+  issue-time "*-*-* 00:00:00"
   start-skew 1
-  expire-interval 28
+  expire-interval 32
 }
 
 set P(tls-server) {
   extensions tls-server-extensions
-  issue-time "*-*-* 03:00:00"
+  issue-time "*-*-* 00:00:00"
   start-skew 1
-  expire-interval 28
+  expire-interval 32
 }
 
 proc update-hook {} {
-  exec rsync -av --delete-after crl ca.cert cert req test/publish 2>@stderr
+  exec 2>@stderr rsync -av --delete-after ca.cert crl cert req publish/
+  exec 2>@stderr userv root publish-ca
 }
diff --git a/etc/openssl.conf b/etc/openssl.conf
index 847b1f5..1fe673a 100644
--- a/etc/openssl.conf
+++ b/etc/openssl.conf
@@ -5,7 +5,7 @@
 ###--------------------------------------------------------------------------
 ### Defaults.
 
-RANDFILE = /dev/urandom
+RANDFILE = /dev/random
 db_suffix =
 
 ###--------------------------------------------------------------------------