... | ... |
@@ -235,31 +235,34 @@ function make_cert { |
235 | 235 |
local common_name=$3 |
236 | 236 |
local alt_names=$4 |
237 | 237 |
|
238 |
- # Generate a signing request |
|
239 |
- $OPENSSL req \ |
|
240 |
- -sha1 \ |
|
241 |
- -newkey rsa \ |
|
242 |
- -nodes \ |
|
243 |
- -keyout $ca_dir/private/$cert_name.key \ |
|
244 |
- -out $ca_dir/$cert_name.csr \ |
|
245 |
- -subj "/O=${ORG_NAME}/OU=${ORG_UNIT_NAME} Servers/CN=${common_name}" |
|
246 |
- |
|
247 |
- if [[ -z "$alt_names" ]]; then |
|
248 |
- alt_names="DNS:${common_name}" |
|
249 |
- else |
|
250 |
- alt_names="DNS:${common_name},${alt_names}" |
|
251 |
- fi |
|
238 |
+ # Only generate the certificate if it doesn't exist yet on the disk |
|
239 |
+ if [ ! -r "$ca_dir/$cert_name.crt" ]; then |
|
240 |
+ # Generate a signing request |
|
241 |
+ $OPENSSL req \ |
|
242 |
+ -sha1 \ |
|
243 |
+ -newkey rsa \ |
|
244 |
+ -nodes \ |
|
245 |
+ -keyout $ca_dir/private/$cert_name.key \ |
|
246 |
+ -out $ca_dir/$cert_name.csr \ |
|
247 |
+ -subj "/O=${ORG_NAME}/OU=${ORG_UNIT_NAME} Servers/CN=${common_name}" |
|
248 |
+ |
|
249 |
+ if [[ -z "$alt_names" ]]; then |
|
250 |
+ alt_names="DNS:${common_name}" |
|
251 |
+ else |
|
252 |
+ alt_names="DNS:${common_name},${alt_names}" |
|
253 |
+ fi |
|
252 | 254 |
|
253 |
- # Sign the request valid for 1 year |
|
254 |
- SUBJECT_ALT_NAME="$alt_names" \ |
|
255 |
- $OPENSSL ca -config $ca_dir/signing.conf \ |
|
256 |
- -extensions req_extensions \ |
|
257 |
- -days 365 \ |
|
258 |
- -notext \ |
|
259 |
- -in $ca_dir/$cert_name.csr \ |
|
260 |
- -out $ca_dir/$cert_name.crt \ |
|
261 |
- -subj "/O=${ORG_NAME}/OU=${ORG_UNIT_NAME} Servers/CN=${common_name}" \ |
|
262 |
- -batch |
|
255 |
+ # Sign the request valid for 1 year |
|
256 |
+ SUBJECT_ALT_NAME="$alt_names" \ |
|
257 |
+ $OPENSSL ca -config $ca_dir/signing.conf \ |
|
258 |
+ -extensions req_extensions \ |
|
259 |
+ -days 365 \ |
|
260 |
+ -notext \ |
|
261 |
+ -in $ca_dir/$cert_name.csr \ |
|
262 |
+ -out $ca_dir/$cert_name.crt \ |
|
263 |
+ -subj "/O=${ORG_NAME}/OU=${ORG_UNIT_NAME} Servers/CN=${common_name}" \ |
|
264 |
+ -batch |
|
265 |
+ fi |
|
263 | 266 |
} |
264 | 267 |
|
265 | 268 |
|
... | ... |
@@ -274,23 +277,25 @@ function make_int_CA { |
274 | 274 |
create_CA_config $ca_dir 'Intermediate CA' |
275 | 275 |
create_signing_config $ca_dir |
276 | 276 |
|
277 |
- # Create a signing certificate request |
|
278 |
- $OPENSSL req -config $ca_dir/ca.conf \ |
|
279 |
- -sha1 \ |
|
280 |
- -newkey rsa \ |
|
281 |
- -nodes \ |
|
282 |
- -keyout $ca_dir/private/cacert.key \ |
|
283 |
- -out $ca_dir/cacert.csr \ |
|
284 |
- -outform PEM |
|
285 |
- |
|
286 |
- # Sign the intermediate request valid for 1 year |
|
287 |
- $OPENSSL ca -config $signing_ca_dir/ca.conf \ |
|
288 |
- -extensions ca_extensions \ |
|
289 |
- -days 365 \ |
|
290 |
- -notext \ |
|
291 |
- -in $ca_dir/cacert.csr \ |
|
292 |
- -out $ca_dir/cacert.pem \ |
|
293 |
- -batch |
|
277 |
+ if [ ! -r "$ca_dir/cacert.pem" ]; then |
|
278 |
+ # Create a signing certificate request |
|
279 |
+ $OPENSSL req -config $ca_dir/ca.conf \ |
|
280 |
+ -sha1 \ |
|
281 |
+ -newkey rsa \ |
|
282 |
+ -nodes \ |
|
283 |
+ -keyout $ca_dir/private/cacert.key \ |
|
284 |
+ -out $ca_dir/cacert.csr \ |
|
285 |
+ -outform PEM |
|
286 |
+ |
|
287 |
+ # Sign the intermediate request valid for 1 year |
|
288 |
+ $OPENSSL ca -config $signing_ca_dir/ca.conf \ |
|
289 |
+ -extensions ca_extensions \ |
|
290 |
+ -days 365 \ |
|
291 |
+ -notext \ |
|
292 |
+ -in $ca_dir/cacert.csr \ |
|
293 |
+ -out $ca_dir/cacert.pem \ |
|
294 |
+ -batch |
|
295 |
+ fi |
|
294 | 296 |
} |
295 | 297 |
|
296 | 298 |
# Make a root CA to sign other CAs |
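Review bot: The new guard in make_int_CA, `if [ ! -r "$ca_dir/cacert.pem" ]`, treats any readable file as a usable certificate, so a re-run keeps an intermediate CA whose private key is missing, whose file is empty, or whose 365-day validity has already run out; the guard in make_cert on `$ca_dir/$cert_name.crt` has the same gap and additionally keeps the old certificate when `common_name` or `alt_names` differ from the earlier call. I would test the key file and the expiry as well, e.g. `if [ ! -s "$ca_dir/cacert.pem" ] || [ ! -s "$ca_dir/private/cacert.key" ] || ! $OPENSSL x509 -checkend 0 -noout -in "$ca_dir/cacert.pem"; then`, with the equivalent paths in make_cert. A comment above each guard such as `# Reuse an existing certificate; delete it to force regeneration (subject and SANs are not re-checked)` would make the reuse rule explicit. The re-indented `$OPENSSL req` calls still pass `-sha1`, which is worth replacing with `-sha256` in a follow-up. Both functions begin above their hunks, so where `ca_dir` and `cert_name` come from is not visible here.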