genserver(){ #key, subject, config
openssl genrsa -out $1.key ${KEYSIZE}
openssl req -new -key $1.key -out $1.csr -subj "$2"
- caSign $1 $year/ca/env_${year}_1 "$3"
+ caSign $1 $year/ca/env_${year}_1 "$3" "${year}${points[1]}" "$((${year} + 2))${points[1]}"
openssl pkcs12 -inkey $1.key -in $1.crt -CAfile env.chain.crt -chain -name $1 -export -passout pass:changeit -out $1.pkcs12
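Review bot: The rewritten `caSign` call quotes the two new validity arguments but still leaves `$1` and the CA path unquoted, so a key name or `year` value containing whitespace or glob characters would shift the positional arguments and the dates would land in the wrong slots. Quoting all five keeps the call stable: `caSign "$1" "$year/ca/env_${year}_1" "$3" "${year}${points[1]}" "$((year + 2))${points[1]}"`. A short comment such as `# server certs are valid for two years from the first time point, matching the env_<year>_1 CA` would also explain why index 1 is hard-coded here. The body of `genserver` continues past this hunk, and `caSign` itself is not visible, so its handling of the fourth and fifth arguments should be confirmed.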
mkdir -p $year/ca
-STARTDATE="${year:2}"
-ENDDATE="$((${year:2} + 2))"
+STARTDATE="${year}"
+ENDDATE="$((${year} + 2))"
for i in $TIME_IDX; do
point=${points[${i}]}
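Review bot: `STARTDATE` and `ENDDATE` now depend on `year` being exactly four digits, but nothing visible in this hunk checks that before it goes through `$(( ))` and into a certificate validity string. A two-digit or empty value would still produce a syntactically plausible date and therefore a certificate with an unintended validity window. A guard ahead of the assignments would catch this, for example `[[ $year =~ ^[0-9]{4}$ ]] || error "year must be four digits: $year"`. The same assumption applies to the `caSign` call in `genserver` and to the `date --date` line in the verification hunk. Where `year` is set is outside this hunk, so an existing check may already cover it.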
points[1]="0101000000Z"
points[2]="0601000000Z"
-ROOT_VALIDITY="-startdate 150101000000Z -enddate 300101000000Z"
+ROOT_VALIDITY="-startdate 20150101000000Z -enddate 20300101000000Z"
else
CA_FILE=$year/ca/${ca}_${year}_${i}.crt
fi
- time=${year:2}${points[${i}]}
- timestamp=$(date --date="${time:2:2}/${time:4:2}/${time:0:2} 03:00:00 UTC" +"%s")
+ time=${points[${i}]}
+ timestamp=$(date --date="${time:0:2}/${time:2:2}/${year} 03:00:00 UTC" +"%s")
verify "$CA_FILE" "$ca.ca/key.crt" "-attime ${timestamp}"
openssl x509 -in "$CA_FILE" -noout -text | grep "CA Issuers" | grep "/$ca.crt" > /dev/null || error "CA Issuers field is wrong for $ca"
openssl x509 -in "$CA_FILE" -noout -text | grep "Subject: " | grep "CN=$name" > /dev/null || error "Subject field did not verify"
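Review bot: The new `timestamp=$(date --date=...)` line does not check whether `date` succeeded, so a failure (a non-GNU `date`, or an unexpected `year` or `points` value) leaves `timestamp` empty and `verify` is then called with a bare `-attime `. Depending on how `verify` expands that argument, the chain may be checked at the current time instead of the intended one, or the option may swallow the next word, and the validity test would then not test what it claims to. Failing loudly is safer: `timestamp=$(date --date="${time:0:2}/${time:2:2}/${year} 03:00:00 UTC" +"%s") || error "cannot compute verification time for $ca"`. A comment such as `# points[] entries are MMDDHHMMSSZ; verify three hours after notBefore` would document the slicing and the 03:00 offset. The hunk opens at `else`, so the enclosing `if` and loop start outside it.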