resign_cert

来自「This a good VPN source」· 代码 · 共 36 行

#!/bin/sh
#
# (c) 2003 Xelerance Corporation
# Ken Bantoft <ken@xelerance.com>
# resign all certificates for which we have requests

# copy the certificates to the right baseconfig dirs.
source ../../umlsetup.sh

OPENSWANHOSTS=${OPENSWANHOSTS-$FREESWANHOSTS}

# first, move the private keys to the right place
for host in $OPENSWANHOSTS
do
	req=$host.uml.freeswan.org/$host.uml.freeswan.org.req
	cert=$host.uml.freeswan.org/$host.uml.freeswan.org.cert
	if [ -f $req ]
	then
	    echo "Password is 'openswan'"
	    # Sign the cert
	    if [ -f $cert ]
	    then
		echo "revoking key from $host"
		openssl ca -revoke $cert -config ./openssl.cnf 
            fi
	    echo "Signing key from $host"
	    openssl ca -in $req -out $cert.new -config ./openssl.cnf 
	    if [ -s $cert.new ]
	    then
		mv $cert.new $cert
	    fi
	fi
done