Make sha-256/-512 naming in speed.c consistent with their names as they
[openssl.git] / apps / CA.sh
index 728f5bf4d84edde28b6fc2d3fde1f10957976766..e63a2267eefebc593f6469782ffe6afb1b385839 100644 (file)
@@ -30,7 +30,8 @@
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 
-DAYS="-days 365"
+DAYS="-days 365"       # 1 year
+CADAYS="-days 1095"    # 3 years
 REQ="openssl req $SSLEAY_CONFIG"
 CA="openssl ca $SSLEAY_CONFIG"
 VERIFY="openssl verify"
@@ -38,6 +39,7 @@ X509="openssl x509"
 
 CATOP=./demoCA
 CAKEY=./cakey.pem
+CAREQ=./careq.pem
 CACERT=./cacert.pem
 
 for i
@@ -60,7 +62,7 @@ case $i in
     echo "Request (and private key) is in newreq.pem"
     ;;
 -newca)     
-    # if explictly asked for or it doesn't exist then setup the directory
+    # if explicitly asked for or it doesn't exist then setup the directory
     # structure that Eric likes to manage things 
     NEW="1"
     if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
@@ -70,7 +72,7 @@ case $i in
        mkdir ${CATOP}/crl 
        mkdir ${CATOP}/newcerts
        mkdir ${CATOP}/private
-       echo "01" > ${CATOP}/serial
+       echo "00" > ${CATOP}/serial
        touch ${CATOP}/index.txt
     fi
     if [ ! -f ${CATOP}/private/$CAKEY ]; then
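Review bot: The new initial serial `00` has no comment explaining the change from `01`, and the reason is not visible at this point in the file. It presumably exists because the CA certificate is now issued through `openssl ca -selfsign` (see the last hunk), which would take the first number from this file and leave `01` for the first issued certificate. A comment such as `# 00 is used by the self-signed CA certificate; issued certificates start at 01` on the line above would record that. The surrounding `if` block starts outside the hunk.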
@@ -83,8 +85,11 @@ case $i in
            RET=$?
        else
            echo "Making CA certificate ..."
-           $REQ -new -x509 -keyout ${CATOP}/private/$CAKEY \
-                          -out ${CATOP}/$CACERT $DAYS
+           $REQ -new -keyout ${CATOP}/private/$CAKEY \
+                          -out ${CATOP}/$CAREQ
+           $CA -out ${CATOP}/$CACERT $CADAYS -batch \
+                          -keyfile ${CATOP}/private/$CAKEY -selfsign \
+                          -infiles ${CATOP}/$CAREQ 
            RET=$?
        fi
     fi
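Review bot: `RET=$?` after the new two-step sequence records only the exit status of the `$CA` call, so a failed or aborted `$REQ` (for example a passphrase mismatch) still falls through to signing, possibly against a stale `careq.pem` left by an earlier run. Chaining the steps closes that gap: end the request line with `-out ${CATOP}/$CAREQ && \` so that `$CA` runs only when the request succeeded and `RET` reflects whichever step failed. Separately, `openssl ca -selfsign` takes its extensions from the `ca` section of the config rather than the `req` section that `req -x509` used, so it is worth confirming that the resulting root still carries `basicConstraints=CA:TRUE`. If the config's default is a user-certificate section, an explicit `-extensions v3_ca` (assuming the stock section name) would be needed. The enclosing `case` arm begins and ends outside this hunk.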