# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
+if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi
+
DAYS="-days 365" # 1 year
CADAYS="-days 1095" # 3 years
-REQ="openssl req $SSLEAY_CONFIG"
-CA="openssl ca $SSLEAY_CONFIG"
-VERIFY="openssl verify"
-X509="openssl x509"
+REQ="$OPENSSL req $SSLEAY_CONFIG"
+CA="$OPENSSL ca $SSLEAY_CONFIG"
+VERIFY="$OPENSSL verify"
+X509="$OPENSSL x509"
CATOP=./demoCA
CAKEY=./cakey.pem
;;
-newcert)
# create a certificate
- $REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS
+ $REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS
RET=$?
- echo "Certificate (and private key) is in newreq.pem"
+ echo "Certificate is in newcert.pem, private key is in newkey.pem"
;;
-newreq)
# create a certificate request
- $REQ -new -keyout newreq.pem -out newreq.pem $DAYS
+ $REQ -new -keyout newkey.pem -out newreq.pem $DAYS
RET=$?
- echo "Request (and private key) is in newreq.pem"
+ echo "Request is in newreq.pem, private key is in newkey.pem"
;;
-newca)
# if explicitly asked for or it doesn't exist then setup the directory