Implement self-signing in 'openssl ca'. This makes it easier to have

[openssl.git] / apps / CA.pl.in

diff --git a/apps/CA.pl.in b/apps/CA.pl.in
index 8b2ce7ea4248250f8109c75c0212e8352f0d2c06..2242f7e03b1c7b0430dafca30342498f881f4576 100644 (file)
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -37,7 +37,8 @@
 # demoCA ... where everything is stored
 
 $SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
-$DAYS="-days 365";
+$DAYS="-days 365";     # 1 year
+$CADAYS="-days 1095";  # 3 years
 $REQ="openssl req $SSLEAY_CONFIG";
 $CA="openssl ca $SSLEAY_CONFIG";
 $VERIFY="openssl verify";
@@ -46,6 +47,7 @@ $PKCS12="openssl pkcs12";
 
 $CATOP="./demoCA";
 $CAKEY="cakey.pem";
+$CAREQ="careq.pem";
 $CACERT="cacert.pem";
 
 $DIRMODE = 0777;
@@ -101,8 +103,11 @@ foreach (@ARGV) {
                    $RET=$?;
                } else {
                    print "Making CA certificate ...\n";
-                   system ("$REQ -new -x509 -keyout " .
-                       "${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS");
+                   system ("$REQ -new -keyout " .
+                       "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
+                   system ("$CA -out ${CATOP}/$CACERT $CADAYS -batch " . 
+                       "-keyfile ${CATOP}/private/$CAKEY -selfsign " .
+                       "-infiles ${CATOP}/$CAREQ ");
                    $RET=$?;
                }
            }