X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=generateInfra.sh;h=6da93445678c8e858290068e91fed3de4daf7309;hb=26af5d502565f10a3d3d91192e5545f59075ca59;hp=76a6eeed297838a5d3183dd5d6a84ac94017f9c9;hpb=fd12e48f597a3edd99f8b235a897e36faa745ceb;p=nre.git
diff --git a/generateInfra.sh b/generateInfra.sh
index 76a6eee..6da9344 100755
--- a/generateInfra.sh
+++ b/generateInfra.sh
@@ -8,6 +8,8 @@ year=$1
 . structure
 . commonFunctions
+cd generated
+
 CRL=" crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/$year/env-1.crl authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/$year/env-1.crt"
@@ -47,7 +49,7 @@ genserver(){ #key, subject, config
 openssl req -new -key $1.key -out $1.csr -subj "$2"
 caSign $1 $year/ca/env_${year}_1 "$3" "${year}${points[1]}" "$((${year} + 2))${points[1]}"
- openssl pkcs12 -inkey $1.key -in $1.crt -CAfile env.chain.crt -chain -name $1 -export -passout pass:changeit -out $1.pkcs12
+ TZ=UTC LD_PRELOAD=`ls /usr/lib/*/faketime/libfaketime.so.1` FAKETIME="${year}-01-01 00:00:00" openssl pkcs12 -inkey $1.key -in $1.crt -CAfile env.chain.crt -chain -name $1 -export -passout pass:changeit -out $1.pkcs12 -name "$4"
 }
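Review bot: The added `cd generated` has no failure check, so if the directory is missing the script carries on in the caller's working directory (unless `set -e` is enabled above the hunk, which is not visible here). Every key, CSR and PKCS#12 file would then be written there, and the `rm req.cnf reqMail.cnf reqClient.cnf` cleanup in the last hunk would delete files relative to the wrong location. I would make the step fail closed with `cd generated || exit 1`, plus a short comment saying that all paths below are relative to `generated/`.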
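Review bot: The `LD_PRELOAD` value on the new `openssl pkcs12` line comes from an unchecked `ls` glob, so when libfaketime is not installed the variable is empty and the export silently runs with the real clock; if the glob matches more than one directory the value is a newline-separated list that the loader will presumably not accept. Resolve the library once before the first `genserver` call and stop if it is missing, e.g. `faketime_lib=$(ls /usr/lib/*/faketime/libfaketime.so.1 2>/dev/null | head -n 1)` followed by `[ -n "$faketime_lib" ] || { echo "libfaketime not found" >&2; exit 1; }`. The line also keeps the old `-name $1` in front of the new `-name "$4"`, which relies on the last option winning; dropping the first makes the friendly name unambiguous. The `#key, subject, config` comment on `genserver` should list the fourth argument, and because the function opens above the hunk it is worth checking there whether `$4` can be empty. The fixed `-passout pass:changeit` is carried over unchanged, so the private key in the bundle is protected only by the file permissions on the output directory, which deserves a comment at least.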
@@ -57,18 +59,19 @@ cat $year/ca/env_${year}_1.ca/key.crt env.ca/key.crt root.ca/key.crt > env.chain
 # generate environment-keys specific to gigi.
 # first the server keys
-genserver $year/keys/www "/CN=www.${DOMAIN}" req.cnf
-genserver $year/keys/secure "/CN=secure.${DOMAIN}" req.cnf
-genserver $year/keys/static "/CN=static.${DOMAIN}" req.cnf
-genserver $year/keys/api "/CN=api.${DOMAIN}" req.cnf
+genserver $year/keys/www "/CN=www.${DOMAIN}" req.cnf www
+genserver $year/keys/secure "/CN=secure.${DOMAIN}" req.cnf secure
+genserver $year/keys/static "/CN=static.${DOMAIN}" req.cnf static
+genserver $year/keys/api "/CN=api.${DOMAIN}" req.cnf api
 # then the email signing key
-genserver $year/keys/mail "/emailAddress=support@${DOMAIN}" reqMail.cnf
+genserver $year/keys/mail "/emailAddress=support@${DOMAIN}" reqMail.cnf mail
 # then environment-keys for cassiopeia
-genserver $year/keys/signer_client "/CN=CAcert signer handler 1" reqClient.cnf
-genserver $year/keys/signer_server "/CN=CAcert signer 1" req.cnf
+genserver $year/keys/signer_client "/CN=CAcert signer handler 1" reqClient.cnf signer_client
+genserver $year/keys/signer_server "/CN=CAcert signer 1" req.cnf signer_server
 rm req.cnf reqMail.cnf reqClient.cnf
+ rm env.chain.crt
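Review bot: Every updated `genserver` call passes a fourth argument that is just the last path component of the first (`www`, `secure`, … `signer_server`), so the friendly name can drift from the key file name if one is edited without the other. Deriving it inside `genserver` with `-name "${1##*/}"` would keep the two in step and leave these call sites unchanged. Separately, `$year` is unquoted in each call and comes straight from `$1`; whether it is validated is not visible here. Quoting it as `"$year/keys/www"` and rejecting anything that is not a four-digit year before this point would stop an empty argument from turning these into absolute paths such as `/keys/www`.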