X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=utilities%2Fovs-pki.in;h=5c8c4bb2e742ac6ff0ab168811e7103fa18d1326;hb=c71270b7aefddd967d7dd5446f7701241380b09d;hp=bcfe736e6d550fad75937613ac20e01a017632ae;hpb=34e63086edddcae06d7c1a4fa84fec0861e50758;p=openvswitch diff --git a/utilities/ovs-pki.in b/utilities/ovs-pki.in index bcfe736e..5c8c4bb2 100755 --- a/utilities/ovs-pki.in +++ b/utilities/ovs-pki.in @@ -1,6 +1,6 @@ #! /bin/sh -# Copyright (c) 2008, 2009 Nicira Networks, Inc. +# Copyright (c) 2008, 2009, 2010 Nicira Networks, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -193,6 +193,9 @@ if test "$command" = "init"; then openssl dsaparam -out dsaparam.pem $bits 1>&3 2>&3 fi + # Get the current date to add some uniqueness to this certificate + curr_date=`date +"%Y %b %d %T"` + # Create the CAs. for ca in controllerca switchca; do echo "Creating $ca..." >&2 @@ -212,9 +215,9 @@ if test "$command" = "init"; then cp ../dsaparam.pem . fi - # Write CA configuration file. + # Write CA configuration file. if test ! -e ca.cnf; then - sed "s/@ca@/$ca/g" > ca.cnf <<'EOF' + sed "s/@ca@/$ca/g;s/@curr_date@/$curr_date/g" > ca.cnf <<'EOF' [ req ] prompt = no distinguished_name = req_distinguished_name @@ -225,7 +228,7 @@ ST = CA L = Palo Alto O = Open vSwitch OU = @ca@ -CN = Open vSwitch @ca@ CA Certificate +CN = OVS @ca@ CA Certificate (@curr_date@) [ ca ] default_ca = the_ca @@ -246,6 +249,7 @@ email_in_dn = no # Don't add the email into cert DN name_opt = ca_default # Subject name display option cert_opt = ca_default # Certificate display option copy_extensions = none # Don't copy extensions from request +unique_subject = no # Allow certs with duplicate subjects # For the CA policy [ policy ] 
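Review bot: `curr_date` (hunk -193) is built with `%b`, which is locale-dependent, and is then spliced unescaped into the sed replacement (hunk -212) and from there into the CA's CN (hunk -225). Under a non-C locale the month abbreviation may contain non-ASCII bytes, or characters sed treats specially in a replacement (`/`, `&`, `\`), which would break the substitution or yield a CN that does not encode as expected. Pinning the locale avoids this: `curr_date=$(LC_ALL=C date +"%Y %b %d %T")`. The stamp has one-second resolution, so the comment should say it distinguishes CAs created at different times rather than promising uniqueness. The enclosing `if test "$command" = "init"` block starts and ends outside these hunks.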
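Review bot: The comment on `unique_subject = no` (hunk -246) says what the option does but not why it is needed, and the operational consequence is not recorded. With duplicates allowed, several valid certificates may carry the same subject, so a DN no longer identifies a single certificate when auditing or revoking. If the intent is to permit re-issuing for an existing name before the old certificate expires (inferred, not shown here), I would say so in the comment, e.g. `unique_subject = no # Allow re-issue for an existing subject; identify and revoke certs by serial, not DN`.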
@@ -268,7 +272,7 @@ EOF -newkey $newkey -keyout private/cakey.pem -out careq.pem \ 1>&3 2>&3 openssl ca -config ca.cnf -create_serial -out cacert.pem \ - -days 1095 -batch -keyfile private/cakey.pem -selfsign \ + -days 2191 -batch -keyfile private/cakey.pem -selfsign \ -infiles careq.pem 1>&3 2>&3 chmod 0700 private/cakey.pem @@ -345,10 +349,9 @@ make_tmpdir() { } fingerprint() { - local file=$1 - local name=${1-$2} - local date=$(date -r $file) - local fingerprint + file=$1 + name=${1-$2} + date=$(date -r $file) if grep -q -e '-BEGIN CERTIFICATE-' "$file"; then fingerprint=$(openssl x509 -noout -in "$file" -fingerprint | sed 's/SHA1 Fingerprint=//' | tr -d ':') @@ -469,7 +472,7 @@ sign_request() { } glob() { - local files=$(echo $1) + files=$(echo $1) if test "$files" != "$1"; then echo "$files" fi
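Review bot: `-days 2191` (hunk -268) is an unexplained magic number, and it doubles how long the self-signed CA certificate, and so its private key, stays trusted. A comment above the `openssl ca` call such as `# CA certificate valid for 6 years (6*365+1 days)` would record the intent. A longer lifetime also raises the importance of protecting `private/cakey.pem`. In the visible context the `chmod 0700` runs only after both openssl commands, so until then the key's mode depends on openssl and the umask. A `umask 077` before key generation would remove that dependency; whether one is already set earlier in the script cannot be seen from this hunk.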
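Review bot: Dropping `local` in fingerprint() (hunk -345) and glob() (hunk -469) turns `file`, `name`, `date`, `fingerprint` and `files` into script-wide globals, so each call overwrites any caller variable of the same name. The callers are outside these hunks and need checking. Function-specific prefixes (e.g. `fp_file`, `fp_name`, `glob_files`) would keep the script free of the non-POSIX `local` (presumably the reason for the change) without the clobbering risk. Two rewritten lines in fingerprint() also look wrong. `name=${1-$2}` always yields `$1` whenever a file argument is passed, so it was probably meant to be `name=${2-$1}`, and `date=$(date -r $file)` should quote the path as `date=$(date -r "$file")`. fingerprint()'s body continues past the hunk.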