Merge "Don't try to regenerate existing ssl certificates"

2014-08-25 14:42:35 +00:00 · 2014-08-25 14:42:35 +00:00 · 73ad94c9b4
commit 73ad94c9b4
parent 40564a2b35 2f69c6b853
1 changed files with 44 additions and 39 deletions
--- a/lib/tls
+++ b/lib/tls
@ -235,31 +235,34 @@ function make_cert {
    local common_name=$3
    local alt_names=$4
-    # Generate a signing request
+    # Only generate the certificate if it doesn't exist yet on the disk
-    $OPENSSL req \
+    if [ ! -r "$ca_dir/$cert_name.crt" ]; then
-        -sha1 \
+        # Generate a signing request
-        -newkey rsa \
+        $OPENSSL req \
-        -nodes \
+            -sha1 \
-        -keyout $ca_dir/private/$cert_name.key \
+            -newkey rsa \
-        -out $ca_dir/$cert_name.csr \
+            -nodes \
-        -subj "/O=${ORG_NAME}/OU=${ORG_UNIT_NAME} Servers/CN=${common_name}"
+            -keyout $ca_dir/private/$cert_name.key \
            -out $ca_dir/$cert_name.csr \
            -subj "/O=${ORG_NAME}/OU=${ORG_UNIT_NAME} Servers/CN=${common_name}"
-    if [[ -z "$alt_names" ]]; then
+        if [[ -z "$alt_names" ]]; then
-        alt_names="DNS:${common_name}"
+            alt_names="DNS:${common_name}"
-    else
+        else
-        alt_names="DNS:${common_name},${alt_names}"
+            alt_names="DNS:${common_name},${alt_names}"
        fi
        # Sign the request valid for 1 year
        SUBJECT_ALT_NAME="$alt_names" \
        $OPENSSL ca -config $ca_dir/signing.conf \
            -extensions req_extensions \
            -days 365 \
            -notext \
            -in $ca_dir/$cert_name.csr \
            -out $ca_dir/$cert_name.crt \
            -subj "/O=${ORG_NAME}/OU=${ORG_UNIT_NAME} Servers/CN=${common_name}" \
            -batch
    fi
    # Sign the request valid for 1 year
    SUBJECT_ALT_NAME="$alt_names" \
    $OPENSSL ca -config $ca_dir/signing.conf \
        -extensions req_extensions \
        -days 365 \
        -notext \
        -in $ca_dir/$cert_name.csr \
        -out $ca_dir/$cert_name.crt \
        -subj "/O=${ORG_NAME}/OU=${ORG_UNIT_NAME} Servers/CN=${common_name}" \
        -batch
 }
@ -274,23 +277,25 @@ function make_int_CA {
    create_CA_config $ca_dir 'Intermediate CA'
    create_signing_config $ca_dir
-    # Create a signing certificate request
+    if [ ! -r "$ca_dir/cacert.pem" ]; then
-    $OPENSSL req -config $ca_dir/ca.conf \
+        # Create a signing certificate request
-        -sha1 \
+        $OPENSSL req -config $ca_dir/ca.conf \
-        -newkey rsa \
+            -sha1 \
-        -nodes \
+            -newkey rsa \
-        -keyout $ca_dir/private/cacert.key \
+            -nodes \
-        -out $ca_dir/cacert.csr \
+            -keyout $ca_dir/private/cacert.key \
-        -outform PEM
+            -out $ca_dir/cacert.csr \
            -outform PEM
-    # Sign the intermediate request valid for 1 year
+        # Sign the intermediate request valid for 1 year
-    $OPENSSL ca -config $signing_ca_dir/ca.conf \
+        $OPENSSL ca -config $signing_ca_dir/ca.conf \
-        -extensions ca_extensions \
+            -extensions ca_extensions \
-        -days 365 \
+            -days 365 \
-        -notext \
+            -notext \
-        -in $ca_dir/cacert.csr \
+            -in $ca_dir/cacert.csr \
-        -out $ca_dir/cacert.pem \
+            -out $ca_dir/cacert.pem \
-        -batch
+            -batch
    fi
 }
 # Make a root CA to sign other CAs