| ... | ... |
@@ -235,31 +235,34 @@ function make_cert {
|
| 235 | 235 |
local common_name=$3 |
| 236 | 236 |
local alt_names=$4 |
| 237 | 237 |
|
| 238 |
- # Generate a signing request |
|
| 239 |
- $OPENSSL req \ |
|
| 240 |
- -sha1 \ |
|
| 241 |
- -newkey rsa \ |
|
| 242 |
- -nodes \ |
|
| 243 |
- -keyout $ca_dir/private/$cert_name.key \ |
|
| 244 |
- -out $ca_dir/$cert_name.csr \ |
|
| 245 |
- -subj "/O=${ORG_NAME}/OU=${ORG_UNIT_NAME} Servers/CN=${common_name}"
|
|
| 246 |
- |
|
| 247 |
- if [[ -z "$alt_names" ]]; then |
|
| 248 |
- alt_names="DNS:${common_name}"
|
|
| 249 |
- else |
|
| 250 |
- alt_names="DNS:${common_name},${alt_names}"
|
|
| 251 |
- fi |
|
| 238 |
+ # Only generate the certificate if it doesn't exist yet on the disk |
|
| 239 |
+ if [ ! -r "$ca_dir/$cert_name.crt" ]; then |
|
| 240 |
+ # Generate a signing request |
|
| 241 |
+ $OPENSSL req \ |
|
| 242 |
+ -sha1 \ |
|
| 243 |
+ -newkey rsa \ |
|
| 244 |
+ -nodes \ |
|
| 245 |
+ -keyout $ca_dir/private/$cert_name.key \ |
|
| 246 |
+ -out $ca_dir/$cert_name.csr \ |
|
| 247 |
+ -subj "/O=${ORG_NAME}/OU=${ORG_UNIT_NAME} Servers/CN=${common_name}"
|
|
| 248 |
+ |
|
| 249 |
+ if [[ -z "$alt_names" ]]; then |
|
| 250 |
+ alt_names="DNS:${common_name}"
|
|
| 251 |
+ else |
|
| 252 |
+ alt_names="DNS:${common_name},${alt_names}"
|
|
| 253 |
+ fi |
|
| 252 | 254 |
|
| 253 |
- # Sign the request valid for 1 year |
|
| 254 |
- SUBJECT_ALT_NAME="$alt_names" \ |
|
| 255 |
- $OPENSSL ca -config $ca_dir/signing.conf \ |
|
| 256 |
- -extensions req_extensions \ |
|
| 257 |
- -days 365 \ |
|
| 258 |
- -notext \ |
|
| 259 |
- -in $ca_dir/$cert_name.csr \ |
|
| 260 |
- -out $ca_dir/$cert_name.crt \ |
|
| 261 |
- -subj "/O=${ORG_NAME}/OU=${ORG_UNIT_NAME} Servers/CN=${common_name}" \
|
|
| 262 |
- -batch |
|
| 255 |
+ # Sign the request valid for 1 year |
|
| 256 |
+ SUBJECT_ALT_NAME="$alt_names" \ |
|
| 257 |
+ $OPENSSL ca -config $ca_dir/signing.conf \ |
|
| 258 |
+ -extensions req_extensions \ |
|
| 259 |
+ -days 365 \ |
|
| 260 |
+ -notext \ |
|
| 261 |
+ -in $ca_dir/$cert_name.csr \ |
|
| 262 |
+ -out $ca_dir/$cert_name.crt \ |
|
| 263 |
+ -subj "/O=${ORG_NAME}/OU=${ORG_UNIT_NAME} Servers/CN=${common_name}" \
|
|
| 264 |
+ -batch |
|
| 265 |
+ fi |
|
| 263 | 266 |
} |
| 264 | 267 |
|
| 265 | 268 |
|
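Review bot: The new guard `if [ ! -r "$ca_dir/$cert_name.crt" ]` in make_cert only tests that a certificate file is readable. An expired certificate (these are signed with `-days 365`), an empty file left by an interrupted `$OPENSSL ca` run, or a certificate whose `private/$cert_name.key` is missing would all be reused silently; a rerun with a different `common_name` or `alt_names` would also keep the old certificate. The `cacert.pem` guard in make_int_CA in the next hunk has the same gap, and a stale intermediate CA would affect every certificate it signs. Consider validating rather than just testing for existence, for example `if ! $OPENSSL x509 -checkend 0 -noout -in "$ca_dir/$cert_name.crt" >/dev/null 2>&1 || [[ ! -s "$ca_dir/private/$cert_name.key" ]]; then`, with a comment that regeneration is skipped only when the certificate is still valid and its key is present. make_cert starts above this hunk, so how `ca_dir` and `cert_name` are set is not visible here.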
| ... | ... |
@@ -274,23 +277,25 @@ function make_int_CA {
|
| 274 | 274 |
create_CA_config $ca_dir 'Intermediate CA' |
| 275 | 275 |
create_signing_config $ca_dir |
| 276 | 276 |
|
| 277 |
- # Create a signing certificate request |
|
| 278 |
- $OPENSSL req -config $ca_dir/ca.conf \ |
|
| 279 |
- -sha1 \ |
|
| 280 |
- -newkey rsa \ |
|
| 281 |
- -nodes \ |
|
| 282 |
- -keyout $ca_dir/private/cacert.key \ |
|
| 283 |
- -out $ca_dir/cacert.csr \ |
|
| 284 |
- -outform PEM |
|
| 285 |
- |
|
| 286 |
- # Sign the intermediate request valid for 1 year |
|
| 287 |
- $OPENSSL ca -config $signing_ca_dir/ca.conf \ |
|
| 288 |
- -extensions ca_extensions \ |
|
| 289 |
- -days 365 \ |
|
| 290 |
- -notext \ |
|
| 291 |
- -in $ca_dir/cacert.csr \ |
|
| 292 |
- -out $ca_dir/cacert.pem \ |
|
| 293 |
- -batch |
|
| 277 |
+ if [ ! -r "$ca_dir/cacert.pem" ]; then |
|
| 278 |
+ # Create a signing certificate request |
|
| 279 |
+ $OPENSSL req -config $ca_dir/ca.conf \ |
|
| 280 |
+ -sha1 \ |
|
| 281 |
+ -newkey rsa \ |
|
| 282 |
+ -nodes \ |
|
| 283 |
+ -keyout $ca_dir/private/cacert.key \ |
|
| 284 |
+ -out $ca_dir/cacert.csr \ |
|
| 285 |
+ -outform PEM |
|
| 286 |
+ |
|
| 287 |
+ # Sign the intermediate request valid for 1 year |
|
| 288 |
+ $OPENSSL ca -config $signing_ca_dir/ca.conf \ |
|
| 289 |
+ -extensions ca_extensions \ |
|
| 290 |
+ -days 365 \ |
|
| 291 |
+ -notext \ |
|
| 292 |
+ -in $ca_dir/cacert.csr \ |
|
| 293 |
+ -out $ca_dir/cacert.pem \ |
|
| 294 |
+ -batch |
|
| 295 |
+ fi |
|
| 294 | 296 |
} |
| 295 | 297 |
|
| 296 | 298 |
# Make a root CA to sign other CAs |