Commit 922a15c7 authored by ale's avatar ale

dropped -selfsign option; revoke certificates that are re-generated but not expired; fixes

parent af9cab5f
No preview for this file type
......@@ -33,6 +33,10 @@ def gen(tag):
ans = raw_input('This certificate seems to exist already (in %s).\nAre you really sure that you want to re-create it? [y/N] ' % crt_file)
if not ans or ans[0].lower() != 'y':
sys.exit(0)
print 'Revoking previous certificate...'
openssl('ca', '-config', conf_file,
'-revoke', public_crt_file)
# create custom config file
template(conf_file,
......
......@@ -47,7 +47,7 @@ def newca():
openssl('ca',
'-config', conf_file, '-batch',
'-keyfile', ca_key_file,
'-extensions', 'v3_ca', '-selfsign',
'-extensions', 'v3_ca',
'-out', ca_file,
'-infiles', ca_csr_file)
openssl('ca',
......
No preview for this file type
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment