Commit 33409034 authored by Dom Sekotill's avatar Dom Sekotill

Include unique SN identifiers in CA generated by mk-cert

This reduces conflicts between local development CAs from multiple
accounts.
parent c14fe29a
+6 −2
@@ -27,6 +27,8 @@ shopt -s extglob failglob globstar nullglob
shopt -s inherit_errexit lastpipe
source ~/.shell/lib/builtins.bash

declare -r CA_SUBJ="/O=Local Development/CN=Local Development CA"
declare -r CERT_SUBJ="/O=Local Development/CN=Local Dev Certificate"
declare -r CONFIG_SERIAL=1
declare -r KEYNAME=secp384r1
declare -r CACHE=${XDG_CACHE_HOME:=$HOME/.cache}/dev-certs
@@ -96,6 +98,8 @@ generate_ca() {
	[[ -e $CA_DIR/serial ]] || echo "01" >$CA_DIR/serial
	[[ -e $CA_DIR/ca.crt ]] && return

	local subject="${CA_SUBJ} ($(id -un)@$(hostname -f))"

	get_pass check

	openssl ecparam -genkey -name $KEYNAME |
@@ -107,7 +111,7 @@ generate_ca() {
		-passin fd:3 3<<<"$CA_PASS" \
		-out "$CA_DIR/ca.crt" \
		-days $((365*10)) \
		-subj '/O=Local Development/CN=Local Development CA'
		-subj "$subject"

}

@@ -121,7 +125,7 @@ generate_cert() (
	[[ -e $CACHE/$ID.pem ]] && return

	local alt_subjects=$(join , "${@/#/DNS:}")
	local subject="/O=Local Development/CN=Local Dev Certificate ($ID)"
	local subject="${CERT_SUBJ} ($ID)"

	local serial=$(check_for_current "$subject")
	if [[ -z $serial ]]; then
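Review bot: The new `local subject="${CA_SUBJ} ($(id -un)@$(hostname -f))"` line in generate_ca puts two unchecked command outputs straight into the `-subj` string of a ten-year CA certificate. Because both substitutions sit inside a `local` assignment, their exit status is discarded even with `inherit_errexit`, so a failing `hostname -f` (no resolvable FQDN) would yield a CA named `(user@)` and lose the uniqueness this commit is after. `-subj` also treats `/`, `+` and `\` as syntax, and OpenSSL caps a commonName at 64 characters, so an unusual account name or a long FQDN can alter the DN or make `openssl req` fail. I would declare first and assign separately, e.g. `local host subject` then `host=$(hostname -f) || host=$(hostname)`, and reject or escape those characters before building `subject`. generate_ca begins above the visible hunk, so whether a failed run leaves a partial `ca.crt` behind cannot be judged from here.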