rootSign(){ # csr
POLICY=ca.cnf
if [[ "$1" != "root" ]] ; then
- KNAME=$1
- POLICY=subca.cnf
- . ../CAs/${KNAME}
- cat <<TESTCA > subca.cnf
+ KNAME=$1
+ POLICY=subca.cnf
+ . ../CAs/${KNAME}
+ cat <<TESTCA > subca.cnf
basicConstraints =critical, CA:true
keyUsage =critical, keyCertSign, cRLSign
rootSign root
# generate the various sub-CAs
-for ca in $STRUCT_CAS; do
+for ca in "${STRUCT_CAS[@]}"; do
. ../CAs/$ca
genca "/CN=$name" $ca
rootSign $ca