#! /bin/sh
+# Copyright (c) 2008, 2009 Nicira Networks, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
set -e
pkidir='@PKIDIR@'
openssl dsaparam -out dsaparam.pem $bits 1>&3 2>&3
fi
+ # Get the current date to add some uniqueness to this certificate
+ curr_date=`date +"%Y %b %d %T"`
+
# Create the CAs.
for ca in controllerca switchca; do
echo "Creating $ca..." >&2
cp ../dsaparam.pem .
fi
- # Write CA configuration file.
+ # Write CA configuration file.
if test ! -e ca.cnf; then
- sed "s/@ca@/$ca/g" > ca.cnf <<'EOF'
+ sed "s/@ca@/$ca/g;s/@curr_date@/$curr_date/g" > ca.cnf <<'EOF'
[ req ]
prompt = no
distinguished_name = req_distinguished_name
L = Palo Alto
O = Open vSwitch
OU = @ca@
-CN = Open vSwitch @ca@ CA Certificate
+CN = OVS @ca@ CA Certificate (@curr_date@)
[ ca ]
default_ca = the_ca
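Review bot: The `@curr_date@` value that the new `sed` expression splices into the CN comes from `date +"%Y %b %d %T"` (set in the earlier hunk), so `%b` follows the caller's locale and the time follows the local timezone. Under a non-C locale the CA subject could end up with non-ASCII bytes or a different format from host to host. Pinning it with `curr_date=$(LC_ALL=C date -u +"%Y %b %d %T")` keeps the CN ASCII and reproducible. The value is also interpolated unescaped into the sed replacement, which is safe only while the format cannot yield `/`, `&` or `\`; a one-line comment such as `# curr_date must not contain sed metacharacters (/ & \)` next to the assignment would record that. The enclosing `if test ! -e ca.cnf` block and the here-document continue outside the visible lines, so the timestamp is only written when `ca.cnf` does not exist yet.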
-newkey $newkey -keyout private/cakey.pem -out careq.pem \
1>&3 2>&3
openssl ca -config ca.cnf -create_serial -out cacert.pem \
- -days 1095 -batch -keyfile private/cakey.pem -selfsign \
+ -days 2191 -batch -keyfile private/cakey.pem -selfsign \
-infiles careq.pem 1>&3 2>&3
chmod 0700 private/cakey.pem
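Review bot: `-days 2191` is an unexplained magic number; it appears to be about six years, roughly twice the previous 1095. A comment above the `openssl ca` call such as `# CA certificate is valid for ~6 years (2191 days)` would record the intent. Because this doubles how long the self-signed CA stays trusted, it is worth stating alongside it how peers are expected to move to a new CA before expiry or after a compromise of `private/cakey.pem`; nothing visible in this hunk covers that. The enclosing block starts and ends outside the hunk.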