Add -b BITS flag to ca-create-cert.
This commit is contained in:
parent
4415635554
commit
8a883205b1
5 changed files with 13 additions and 1 deletions
|
@ -26,6 +26,7 @@ Options:
|
|||
-f, --config FILE Use config file instead of $CONFFILE
|
||||
-t, --type TYPE Certificate type: "server", "client" or "user"
|
||||
-d, --days DAYS Certificate is valid for DAYS days instead of 365
|
||||
-b, --bits BITS Generate a BITS bit certificate instead of 2048
|
||||
-n, --alt-name NAME Alternative host name (can be provided multiple times)
|
||||
-p, --pkcs12 Create PKCS#12 certificate archive from generated cert
|
||||
-r, --csr-only Only generate CSR, don't sign it
|
||||
|
@ -56,6 +57,7 @@ while :; do
|
|||
-f|--config) shift; CONFFILE="$1"; shift;;
|
||||
-t|--type) shift; CA_CRT_TYPE="$1"; shift;;
|
||||
-d|--days) shift; CA_CRT_DAYS="-days $1"; shift;;
|
||||
-b|--bits) shift; CA_CRT_BITS="$1"; shift;;
|
||||
-n|--alt-name) shift; ALT_NAMES+=("$1"); shift;;
|
||||
-p|--pkcs12) MAKE_P12=1; shift;;
|
||||
-r|--csr-only) CSR_ONLY=1; shift;;
|
||||
|
|
|
@ -38,6 +38,10 @@ CA_DN_CN="Example Security Services Root Certificate Authority"
|
|||
# CA_CRT_URI="http://$CA_DOMAIN/ca/$CA_NAME.ca.crt"
|
||||
# CA_CRL_URI="http://$CA_DOMAIN/ca/$CA_NAME.ca.crl"
|
||||
|
||||
# OPTIONAL: CA_CRT_BITS sets the default key length for generated keys.
|
||||
# Default value:
|
||||
# CA_CRT_BITS=2048
|
||||
|
||||
# OPTIONAL: CA_PATHLEN sets the maximum number of intermediate CA certificates
|
||||
# that can be in the chain of authority between the root CA and the
|
||||
# final certificate.
|
||||
|
|
|
@ -78,6 +78,11 @@ I</etc/ca-scripts.conf>.
|
|||
Sign the certificate to be valid for I<DAYS> days instead of the default of
|
||||
one year.
|
||||
|
||||
=item B<-b> I<BITS>, B<--bits> I<BITS>
|
||||
|
||||
Generate a I<BITS>-bit certificate instead of a default 2048-bit one.
|
||||
Traditionally this is a power of two, e.g. 512, 1024, 2048, 4096.
|
||||
|
||||
=item B<-n> I<NAME>, B<--alt-name> I<NAME>
|
||||
|
||||
Only valid for I<server> type certificates. Specifies an alternative host
|
||||
|
|
|
@ -90,6 +90,7 @@ CA_DESC $CA_DN_CN
|
|||
CA_CRT_URI http://$CA_DOMAIN/ca/$CA_NAME.ca.crt
|
||||
CA_CRL_URI http://$CA_DOMAIN/ca/$CA_NAME.ca.crl
|
||||
CA_PATHLEN 0
|
||||
CA_CRT_BITS 2048
|
||||
CA_CRT_C $CA_DN_C
|
||||
CA_CRT_ST $CA_DN_ST
|
||||
CA_CRT_L $CA_DN_L
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
[ req ]
|
||||
default_bits = 2048
|
||||
default_bits = %CA_CRT_BITS%
|
||||
default_md = sha1
|
||||
distinguished_name = req_dn
|
||||
req_extensions = req_%CA_CRT_TYPE%_extensions
|
||||
|
|
Loading…
Reference in a new issue