#! /bin/sh
-# Copyright (c) 2008, 2009 Nicira Networks, Inc.
+# Copyright (c) 2008, 2009, 2010 Nicira Networks, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
openssl dsaparam -out dsaparam.pem $bits 1>&3 2>&3
fi
+ # Get the current date to add some uniqueness to this certificate
+ curr_date=`date +"%Y %b %d %T"`
+
# Create the CAs.
for ca in controllerca switchca; do
echo "Creating $ca..." >&2
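Review bot: `%b` in `date +"%Y %b %d %T"` is locale-dependent, so the month abbreviation that ends up in the CA certificate's CN (through the `s/@curr_date@/$curr_date/g` substitution in the ca.cnf hunk) changes with the caller's environment and may not be plain ASCII. Pinning the locale keeps the subject name predictable: `curr_date=$(LC_ALL=C date +"%Y %b %d %T")`. The value is also pasted unescaped into a sed replacement, which is only safe while the format cannot produce `/`, `&` or `\`. Since the timestamp has one-second resolution and serves only as a human-readable disambiguator, the comment could say so, for example `# Date in the CN is for telling CAs apart by eye; identify a CA by its fingerprint`.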
cp ../dsaparam.pem .
fi
- # Write CA configuration file.
+ # Write CA configuration file.
if test ! -e ca.cnf; then
- sed "s/@ca@/$ca/g" > ca.cnf <<'EOF'
+ sed "s/@ca@/$ca/g;s/@curr_date@/$curr_date/g" > ca.cnf <<'EOF'
[ req ]
prompt = no
distinguished_name = req_distinguished_name
L = Palo Alto
O = Open vSwitch
OU = @ca@
-CN = Open vSwitch @ca@ CA Certificate
+CN = OVS @ca@ CA Certificate (@curr_date@)
[ ca ]
default_ca = the_ca
-newkey $newkey -keyout private/cakey.pem -out careq.pem \
1>&3 2>&3
openssl ca -config ca.cnf -create_serial -out cacert.pem \
- -days 1095 -batch -keyfile private/cakey.pem -selfsign \
+ -days 2191 -batch -keyfile private/cakey.pem -selfsign \
-infiles careq.pem 1>&3 2>&3
chmod 0700 private/cakey.pem
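Review bot: `-days 2191` doubles the self-signed CA's validity to about six years with no comment explaining the number, and a longer-lived CA key raises the cost of that key being exposed. A named variable with a comment would make the policy visible and easy to change, e.g. `ca_days=2191  # about 6 years` and then `-days $ca_days`. The context line `chmod 0700 private/cakey.pem` runs only after openssl has written the key, so unless a restrictive umask is set outside this hunk the key briefly has default permissions. `0600` would also be sufficient for a key file.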
}
fingerprint() {
- local file=$1
- local name=${1-$2}
- local date=$(date -r $file)
- local fingerprint
+ file=$1
+ name=${1-$2}
+ date=$(date -r $file)
if grep -q -e '-BEGIN CERTIFICATE-' "$file"; then
fingerprint=$(openssl x509 -noout -in "$file" -fingerprint |
sed 's/SHA1 Fingerprint=//' | tr -d ':')
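Review bot: `name=${1-$2}` on the new side looks inverted, because `${1-$2}` expands to `$1` whenever a first argument is passed, so the second argument is never used as the display name; `name=${2-$1}` is probably what was intended. The new `date=$(date -r $file)` also leaves `$file` unquoted, so a path containing spaces is word-split; `date=$(date -r "$file")` avoids that. With `local` dropped (presumably because POSIX sh does not define it), `file`, `name`, `date` and `fingerprint` become script-wide globals, as does `files` in `glob()` in the next hunk. A comment such as `# no 'local' in POSIX sh: file, name, date are globals` would warn callers that use the same names. The body of fingerprint() continues past the end of this hunk.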
}
glob() {
- local files=$(echo $1)
+ files=$(echo $1)
if test "$files" != "$1"; then
echo "$files"
fi