
Commit a40aa42

committed
Simplify caname option.
1 parent b7a5a56 commit a40aa42


2 files changed

+35
-24
lines changed


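--- a/README
+++ b/README
@@ -191,7 +191,8 @@ Options:
 
 -casubj=...
 -caname=...
-Set the subject for the single use CA.
+Set the subject name for the single use CA, first is a CN or
+organisation, the rest are OU items.
 
 -pkcs12=FileName
 -pfx=FileName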

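--- a/mk-cert
+++ b/mk-cert
@@ -174,7 +174,8 @@ Options:
 
 -casubj=...
 -caname=...
-Set the subject for the single use CA.
+Set the subject name for the single use CA, first is a CN or
+organisation, the rest are OU items.
 
 -pkcs12=FileName
 -pfx=FileName
@@ -924,12 +925,10 @@ decode_args() {
 -casubj[=:]*|-caname[=:]* )
 V="${ar#*[=:]}"
 case "$V" in
-/*=* )
-CASUBJ="${CASUBJ%/}${V%/}/"
-;;
+*\ * ) CASUBJ="${CASUBJ}O=$V${NL}" ;;
 * ) if [[ "$CASUBJ" = '' ]]
-then CASUBJ="/CN=$V/"
-else CASUBJ="/OU=$V$CASUBJ"
+then CASUBJ="CN=$V${NL}"
+else CASUBJ="${CASUBJ}OU=$V${NL}"
 fi
 ;;
 esac
@@ -1373,7 +1372,7 @@ apply_options() {
 else SUBJTYPE=arg ; SUBJ=/
 fi
 fi
-elif [[ "$SUBJTYPE" = '' && "$ADDDNS" != no ]]
+elif [[ "$SUBJTYPE" = '' && "$ADDDNQ" != no ]]
 then ADDDNQ=yes
 fi
 
@@ -1506,29 +1505,41 @@ create_suca_pem() {
 fi
 echo '[ req_distinguished_name ]'
 
-if [[ "$WANTDVCERT" != yes || "$ADDDNQ" = yes ]]
+if [[ "$CASUBJ" != '' ]]
 then
-if [[ "$ADDDNQ" != no ]]
+echo "$CASUBJ"
+if [[ "$ADDDNQ" = yes ]]
 then
 if [[ "$SERIAL" != '' ]]
 then echo "dnQualifier=$SERIAL"
 else echo "dnQualifier=$(mk_rand)"
 fi
 fi
-fi
+else
+if [[ "$WANTDVCERT" != yes || "$ADDDNQ" = yes ]]
+then
+if [[ "$ADDDNQ" != no ]]
+then
+if [[ "$SERIAL" != '' ]]
+then echo "dnQualifier=$SERIAL"
+else echo "dnQualifier=$(mk_rand)"
+fi
+fi
+fi
 
-# DV certificates need the issuer subject to have a country
-# code and organisation. The XX code is valid for a CA, the
-# org is supposed to be the CA's company name.
-if [[ "$WANTDVCERT" = yes ]]
-then echo "C=XX"
-echo "O=Above reproach CA"
-echo "CN=${CN:-CA}"
-elif [[ "$CN" != "" ]]
-then echo "O=Above reproach CA"
-echo "CN=$CN"
-else echo "O=Above reproach CA"
-echo "CN=Private CA"
+# DV certificates need the issuer subject to have a country
+# code and organisation. The XX code is valid for a CA, the
+# org is supposed to be the CA's company name.
+if [[ "$WANTDVCERT" = yes ]]
+then echo "C=XX"
+echo "O=Above reproach CA"
+echo "CN=${CN:-CA}"
+elif [[ "$CN" != "" ]]
+then echo "O=Above reproach CA"
+echo "CN=$CN"
+else echo "O=Above reproach CA"
+echo "CN=Private CA"
+fi
 fi
 
 echo '#END'
@@ -1544,7 +1555,6 @@ create_suca_pem() {
 SIGNPEM="$(ft openssl req -new $UTF8 -x509 $DGST \
 -days "${CERT_DAYS:-$DEFAULT_DAYS}" \
 ${CASER:+-set_serial 0x"$CASER"} \
-${CASUBJ:+-subj "$CASUBJ"} \
 -key <(echo "$CAKEY") \
 -config <(mksucareqconf)
 echo "$CAKEY" )"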
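Review bot: In the decode_args hunk the new `*\ * )` arm writes `O=` for every -caname value containing a space, whatever its position, so a later unit name with a space becomes a second `O=` instead of the `OU=` the help text promises; deciding on `"$CASUBJ" = ''` first, e.g. `then case "$V" in *\ * ) CASUBJ="O=$V${NL}" ;; * ) CASUBJ="CN=$V${NL}" ;; esac`, with `OU=` for everything after, would match the documentation. The collected lines are echoed verbatim under `[ req_distinguished_name ]`, and the OpenSSL req documentation notes that a config section does not recognise the same field name twice, so several `OU=` lines likely collapse to one unless written as `0.OU=`, `1.OU=`, and so on; this needs confirming against the rest of the config generator, which lies outside the hunks. Since the value now reaches a config file rather than a `-subj` argument, `$`, `#`, `\` and an embedded newline in `$V` are interpreted by the config parser, and rejecting them in decode_args would keep a CA name from changing the generated request config.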
