Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Browse files

-file -out -key -policy -key -name added -signcert

Right. so. There's these modes right? And you want to customize what
they do right? Well now we've added these new fangled parameters (but
really quite old, we stole them. ^.^) first there's -file=<file name>,
this would be your input file. -out=<filename> tells us where to put the
signed cert. -key=<filename> is a nice way to let the script avoid
guessing the keyfile from the -name=<prefix> parameter.
-policy=<section> lets us determine which level of similarity needs to
be allowed for the approval of the certificate.
  • Loading branch information...
1 parent 607d167 commit 3f4a7fd506755f143a3762da2683a39f6110d43e @CarbonLifeForm CarbonLifeForm committed
Showing with 23 additions and 4 deletions.
  1. +23 −4
@@ -298,12 +298,31 @@ case $1 in
unset polset outfile infile fileprefix
+ until (is_mode $2)
+ do
+ shift
+ case $1 in
+ -name=*) fileprefix="${1#-*=}"
+ ;;
+ -out=*) outfile="${1#-*=}"
+ ;;
+ -file=*) infile="${1#-*=}"
+ ;;
+ -key=*) keyfile="${1#-*=}"
+ ;;
+ -policy=*) polset="${1#-*=}"
+ ;;
+ -ext=*) extensions="-extensions ${1#-*=}"
+ ;;
+ esac
+ done
echo "Cert passphrase will be requested twice - bug?"
- $X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
- $CA -policy policy_anything -out newcert.pem -infiles tmp.pem
+ $X509 -x509toreq -in ${infile:-${fileprefix:-new}req.pem} -signkey ${keyfile:-${fileprefix:-new}key.pem} -out tmp.pem
+ $CA -policy ${polset:-policy_anything} $extensions -out ${outfile:=${fileprefix:-new}cert.pem} -infiles tmp.pem
- cat newcert.pem
- echo "Signed certificate is in newcert.pem"
+ cat $outfile
+ echo "Signed certificate is in $outfile"
+ unset extensions fileprefix outfile infile polset keyfile

0 comments on commit 3f4a7fd

Please sign in to comment.
Something went wrong with that request. Please try again.