authorGuilhem Moulin <guilhem@fripost.org>2015-06-03 19:15:48 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:54:14 +0200
commitdb1e67a62f527b87faeb52839c91da4eabc2ad62 (patch)
tree4cef65eac4beeb92ecfb7570d32f30750d02e459 /roles/common/files/usr/local/bin
parentbf318449f512156f7363a9aa99917c77843a0704 (diff)
genkeypair.sh: Merge privkey and pubkey for identical filekeys.
Also, set ‘subjectKeyIdentifier = hash’ in the CSR.
Diffstat (limited to 'roles/common/files/usr/local/bin')
-rwxr-xr-xroles/common/files/usr/local/bin/genkeypair.sh14
1 files changed, 10 insertions, 4 deletions
diff --git a/roles/common/files/usr/local/bin/genkeypair.sh b/roles/common/files/usr/local/bin/genkeypair.sh
index 982c1d9..5bf67f2 100755
--- a/roles/common/files/usr/local/bin/genkeypair.sh
+++ b/roles/common/files/usr/local/bin/genkeypair.sh
@@ -168,10 +168,11 @@ if [ -z "$config" -a \( "$cmd" = x509 -o "$cmd" = csr \) ]; then
commonName = $cn
[ v3_req ]
- subjectAltName = email:admin@fripost.org${dns:+, $dns}
- basicConstraints = critical, CA:FALSE
+ subjectAltName = email:admin@fripost.org${dns:+, $dns}
+ basicConstraints = critical, CA:FALSE
# https://security.stackexchange.com/questions/24106/which-key-usages-are-required-by-each-key-exchange-method
- keyUsage = critical, ${usage:-digitalSignature, keyEncipherment, keyCertSign}
+ keyUsage = critical, ${usage:-digitalSignature, keyEncipherment, keyCertSign}
+ subjectKeyIdentifier = hash
EOF
fi
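Review bot: The default on the `keyUsage = critical, ${usage:-digitalSignature, keyEncipherment, keyCertSign}` line asserts keyCertSign while `basicConstraints = critical, CA:FALSE` two lines above denies CA status; RFC 5280 §4.2.1.9 says keyCertSign MUST NOT be asserted when cA is false, so strict validators may reject the resulting end-entity certificate. Since the commit is already tightening this section with `subjectKeyIdentifier = hash`, consider dropping the bit from the default, `keyUsage = critical, ${usage:-digitalSignature, keyEncipherment}`, and requiring callers who build a CA to pass `usage` explicitly together with a CA:TRUE section. Note also that `[ v3_req ]` is only applied to the self-signed `-x509` output if the `[req]` section names it via `x509_extensions`, which is outside this hunk, so the new subjectKeyIdentifier may end up in the CSR only. The heredoc and the enclosing `if` begin before the hunk.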
@@ -188,7 +189,12 @@ elif [ ! -s "$privkey" -o $force -ge 2 ]; then
[ "$cmd" = dkim ] && { dkiminfo; exit; }
fi
-if [ "$cmd" = x509 -o "$cmd" = csr ]; then
+if [ "$cmd" = x509 -a "$pubkey" = "$privkey" ]; then
+ pubkey=$(mktemp)
+ openssl req -config "$config" -new -x509 ${hash:+-$hash} -days 3650 -key "$privkey" >"$pubkey" || exit 2
+ cat "$pubkey" >>"$privkey" || exit 2
+ rm -f "$pubkey"
+elif [ "$cmd" = x509 -o "$cmd" = csr ]; then
if [ -s "$pubkey" -a $force -eq 0 ]; then
echo "Error: public key exists: $pubkey" >&2
exit 1
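Review bot: The temporary file from `pubkey=$(mktemp)` is removed only on the success path; if either the `openssl req` or the `cat` on the following lines fails, the script exits 2 and leaves the file behind in $TMPDIR, and a failed mktemp yields an empty `$pubkey` that turns the redirection into `>""`. Guarding the creation and registering cleanup once, `pubkey=$(mktemp) || exit 2` followed by `trap 'rm -f -- "$pubkey"' EXIT`, covers every exit path and makes the later `rm -f "$pubkey"` redundant. After the merge `$pubkey` still names the deleted temp path, so any later code that reads `$pubkey` (outside this hunk) would see a missing file; resetting `pubkey=$privkey` after the append keeps that consistent if anything downstream uses it. The unquoted `${hash:+-$hash}` is deliberate so the option vanishes when `hash` is empty, which matches the POSIX-sh style of the rest of the file.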