Add -b BITS flag to ca-create-cert.

Alex Bramley 2010-02-14 06:58:41 +00:00
parent 4415635554
commit 8a883205b1
5 changed files with 13 additions and 1 deletions


@ -26,6 +26,7 @@ Options:
-f, --config FILE Use config file instead of $CONFFILE -f, --config FILE Use config file instead of $CONFFILE
-t, --type TYPE Certificate type: "server", "client" or "user" -t, --type TYPE Certificate type: "server", "client" or "user"
-d, --days DAYS Certificate is valid for DAYS days instead of 365 -d, --days DAYS Certificate is valid for DAYS days instead of 365
-b, --bits BITS Generate a BITS bit certificate instead of 2048
-n, --alt-name NAME Alternative host name (can be provided multiple times) -n, --alt-name NAME Alternative host name (can be provided multiple times)
-p, --pkcs12 Create PKCS#12 certificate archive from generated cert -p, --pkcs12 Create PKCS#12 certificate archive from generated cert
-r, --csr-only Only generate CSR, don't sign it -r, --csr-only Only generate CSR, don't sign it
@ -56,6 +57,7 @@ while :; do
-f|--config) shift; CONFFILE="$1"; shift;; -f|--config) shift; CONFFILE="$1"; shift;;
-t|--type) shift; CA_CRT_TYPE="$1"; shift;; -t|--type) shift; CA_CRT_TYPE="$1"; shift;;
-d|--days) shift; CA_CRT_DAYS="-days $1"; shift;; -d|--days) shift; CA_CRT_DAYS="-days $1"; shift;;
-b|--bits) shift; CA_CRT_BITS="$1"; shift;;
-n|--alt-name) shift; ALT_NAMES+=("$1"); shift;; -n|--alt-name) shift; ALT_NAMES+=("$1"); shift;;
-p|--pkcs12) MAKE_P12=1; shift;; -p|--pkcs12) MAKE_P12=1; shift;;
-r|--csr-only) CSR_ONLY=1; shift;; -r|--csr-only) CSR_ONLY=1; shift;;
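Review bot: The new `-b|--bits` arm stores `$1` in CA_CRT_BITS with no check, and the last file section of this commit substitutes that value into the req template as `default_bits = %CA_CRT_BITS%`. A non-numeric value, or a key size such as 512 or 1024 (both given as examples in the POD text this commit adds), is therefore accepted as typed. Once the option loop has finished and defaults are applied (both happen outside this hunk), I would add a guard such as `case "$CA_CRT_BITS" in ''|*[!0-9]*) echo "--bits needs a positive integer" >&2; exit 1;; esac` and reject or warn on anything below 2048. The usage line would also read more accurately as `Generate a BITS bit key instead of 2048`, since the value is a key length rather than a property of the certificate.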


@ -38,6 +38,10 @@ CA_DN_CN="Example Security Services Root Certificate Authority"
# CA_CRT_URI="http://$CA_DOMAIN/ca/$CA_NAME.ca.crt" # CA_CRT_URI="http://$CA_DOMAIN/ca/$CA_NAME.ca.crt"
# CA_CRL_URI="http://$CA_DOMAIN/ca/$CA_NAME.ca.crl" # CA_CRL_URI="http://$CA_DOMAIN/ca/$CA_NAME.ca.crl"
# OPTIONAL: CA_CRT_BITS sets the default key length for generated keys.
# Default value:
# CA_CRT_BITS=2048
# OPTIONAL: CA_PATHLEN sets the maximum number of intermediate CA certificates # OPTIONAL: CA_PATHLEN sets the maximum number of intermediate CA certificates
# that can be in the chain of authority between the root CA and the # that can be in the chain of authority between the root CA and the
# final certificate. # final certificate.


@ -78,6 +78,11 @@ I</etc/ca-scripts.conf>.
Sign the certificate to be valid for I<DAYS> days instead of the default of Sign the certificate to be valid for I<DAYS> days instead of the default of
one year. one year.
=item B<-b> I<BITS>, B<--bits> I<BITS>
Generate a I<BITS>-bit certificate instead of a default 2048-bit one.
Traditionally this is a power of two, e.g. 512, 1024, 2048, 4096.
=item B<-n> I<NAME>, B<--alt-name> I<NAME> =item B<-n> I<NAME>, B<--alt-name> I<NAME>
Only valid for I<server> type certificates. Specifies an alternative host Only valid for I<server> type certificates. Specifies an alternative host


@ -90,6 +90,7 @@ CA_DESC $CA_DN_CN
CA_CRT_URI http://$CA_DOMAIN/ca/$CA_NAME.ca.crt CA_CRT_URI http://$CA_DOMAIN/ca/$CA_NAME.ca.crt
CA_CRL_URI http://$CA_DOMAIN/ca/$CA_NAME.ca.crl CA_CRL_URI http://$CA_DOMAIN/ca/$CA_NAME.ca.crl
CA_PATHLEN 0 CA_PATHLEN 0
CA_CRT_BITS 2048
CA_CRT_C $CA_DN_C CA_CRT_C $CA_DN_C
CA_CRT_ST $CA_DN_ST CA_CRT_ST $CA_DN_ST
CA_CRT_L $CA_DN_L CA_CRT_L $CA_DN_L


@ -1,5 +1,5 @@
[ req ] [ req ]
default_bits = 2048 default_bits = %CA_CRT_BITS%
default_md = sha1 default_md = sha1
distinguished_name = req_dn distinguished_name = req_dn
req_extensions = req_%CA_CRT_TYPE%_extensions req_extensions = req_%CA_CRT_TYPE%_extensions
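Review bot: `default_md = sha1` stays hard-coded directly below the now-templated `default_bits`, so a larger key requested with `-b` still gets a SHA-1 request digest. I would template the digest in the same way, for example `default_md = %CA_CRT_MD%` with a sha256 default, where CA_CRT_MD is a proposed name that does not appear on this page. Whether the signing step takes its digest from this section or from a separate CA config is not visible here, so that path needs the same check.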