certreq: Add ability to generate intermediate-CA requests.
authorFredrik Tolf <fredrik@dolda2000.com>
Fri, 18 Sep 2020 20:22:50 +0000 (22:22 +0200)
committerFredrik Tolf <fredrik@dolda2000.com>
Fri, 18 Sep 2020 20:22:50 +0000 (22:22 +0200)
certreq

diff --git a/certreq b/certreq
index 142644e..74e0dd7 100755 (executable)
--- a/certreq
+++ b/certreq
@@ -10,13 +10,13 @@ commajoin() {
 }
 
 usage() {
 }
 
 usage() {
-    echo "usage: certreq [-h] [-a ALTNAMES] SUBJECT KEYFILE"
+    echo "usage: certreq [-h] [-a ALTNAMES] [-C] SUBJECT KEYFILE"
     echo '        SUBJECT is of the form `/PART1=VALUE1/PART2=VALUE2/...'\'
     echo '        ALTNAMES is of the form `DNS:name1,DNS:name,...'\'
 }
 
 declare -A reqexts config
     echo '        SUBJECT is of the form `/PART1=VALUE1/PART2=VALUE2/...'\'
     echo '        ALTNAMES is of the form `DNS:name1,DNS:name,...'\'
 }
 
 declare -A reqexts config
-while getopts ha: OPT; do
+while getopts hCa: OPT; do
     case "$OPT" in
        h)
            usage
     case "$OPT" in
        h)
            usage
@@ -27,6 +27,13 @@ while getopts ha: OPT; do
            config[SAN]=1
            config_SAN=("${config_SAN[@]}" "subjectAltName=$OPTARG")
            ;;
            config[SAN]=1
            config_SAN=("${config_SAN[@]}" "subjectAltName=$OPTARG")
            ;;
+       C)
+           reqexts[NON_SELF_CA]=1
+           config[NON_SELF_CA]=1
+           config_NON_SELF_CA=("${config_NONE_SELF_CA[@]}"
+                               "basicConstraints = critical,CA:true"
+                               "keyUsage = cRLSign, keyCertSign")
+           ;;
     esac
 done
 shift $((OPTIND - 1))
     esac
 done
 shift $((OPTIND - 1))