certreq: Add ability to generate intermediate-CA requests.

author Fredrik Tolf <fredrik@dolda2000.com>

Fri, 18 Sep 2020 20:22:50 +0000 (22:22 +0200)

committer Fredrik Tolf <fredrik@dolda2000.com>

Fri, 18 Sep 2020 20:22:50 +0000 (22:22 +0200)
author Fredrik Tolf <fredrik@dolda2000.com>
Fri, 18 Sep 2020 20:22:50 +0000 (22:22 +0200)
committer Fredrik Tolf <fredrik@dolda2000.com>
Fri, 18 Sep 2020 20:22:50 +0000 (22:22 +0200)
diff --git a/certreq b/certreq

index 142644e..74e0dd7 100755 (executable)
--- a/certreq
+++ b/certreq
@@ -10,13 +10,13 @@ commajoin() {
  }
  
  usage() {
-    echo "usage: certreq [-h] [-a ALTNAMES] SUBJECT KEYFILE"
+    echo "usage: certreq [-h] [-a ALTNAMES] [-C] SUBJECT KEYFILE"
      echo '        SUBJECT is of the form `/PART1=VALUE1/PART2=VALUE2/...'\'
      echo '        ALTNAMES is of the form `DNS:name1,DNS:name,...'\'
  }
  
  declare -A reqexts config
-while getopts ha: OPT; do
+while getopts hCa: OPT; do
      case "$OPT" in
         h)
             usage
@@ -27,6 +27,13 @@ while getopts ha: OPT; do
             config[SAN]=1
             config_SAN=("${config_SAN[@]}" "subjectAltName=$OPTARG")
             ;;
+       C)
+           reqexts[NON_SELF_CA]=1
+           config[NON_SELF_CA]=1
+           config_NON_SELF_CA=("${config_NONE_SELF_CA[@]}"
+                               "basicConstraints = critical,CA:true"
+                               "keyUsage = cRLSign, keyCertSign")
+           ;;
      esac
  done
  shift $((OPTIND - 1))
author	Fredrik Tolf <fredrik@dolda2000.com>
	Fri, 18 Sep 2020 20:22:50 +0000 (22:22 +0200)
committer	Fredrik Tolf <fredrik@dolda2000.com>
	Fri, 18 Sep 2020 20:22:50 +0000 (22:22 +0200)