Add cron job to clean up stuff; fix genpki

author: Alex Auvolat <alex@adnab.me> 2022-01-03 23:47:55 +0100
committer: Alex Auvolat <alex@adnab.me> 2022-01-03 23:47:55 +0100
commit: 143683ed2da5f537a7586b7263e648403b18ed17 (patch)
tree: 6549cd1a1988a16e952d39f32869a68b8b2a8c28 /genpki.sh
parent: 1ade671f964516976151ab8b2e8dc6027aa9e73f (diff)
download: nixcfg-143683ed2da5f537a7586b7263e648403b18ed17.tar.gz
nixcfg-143683ed2da5f537a7586b7263e648403b18ed17.zip
1 files changed, 8 insertions, 6 deletions
diff --git a/genpki.sh b/genpki.sh
index be10f6f..0ee6331 100755
--- a/genpki.sh
+++ b/genpki.sh
@@ -45,7 +45,8 @@ O = Deuxfleurs
 CN = $APP
 
 [v3_req]
-keyUsage = keyEncipherment, keyCertSign, dataEncipherment, serverAuth, clientAuth
+keyUsage = keyEncipherment, keyCertSign, dataEncipherment
+extendedKeyUsage = serverAuth, clientAuth
 subjectAltName = @alt_names
 
 [alt_names]
@@ -85,7 +86,8 @@ O = Deuxfleurs
 CN = $APP-client
 
 [v3_req]
-keyUsage = keyEncipherment, keyCertSign, dataEncipherment, clientAuth
+keyUsage = keyEncipherment, keyCertSign, dataEncipherment
+extendedKeyUsage = clientAuth
 subjectAltName = @alt_names
 
 [alt_names]
@@ -97,8 +99,8 @@ EOF
 		rm $CERT-client.csr
 	fi
 
-	if [ ! -f $CERT-client.p12 ]; then
-		openssl pkcs12 -export -out $CERT-client.p12 \
-			-in $APP-ca.pem -in $CERT-client.crt -inkey $CERT-client.key
-	fi
+	#if [ ! -f $CERT-client.p12 ]; then
+	#	openssl pkcs12 -export -out $CERT-client.p12 \
+	#		-in $APP-ca.pem -in $CERT-client.crt -inkey $CERT-client.key
+	#fi
 done
author	Alex Auvolat <alex@adnab.me>	2022-01-03 23:47:55 +0100
committer	Alex Auvolat <alex@adnab.me>	2022-01-03 23:47:55 +0100
commit	143683ed2da5f537a7586b7263e648403b18ed17 (patch)
tree	6549cd1a1988a16e952d39f32869a68b8b2a8c28 /genpki.sh
parent	1ade671f964516976151ab8b2e8dc6027aa9e73f (diff)
download	nixcfg-143683ed2da5f537a7586b7263e648403b18ed17.tar.gz nixcfg-143683ed2da5f537a7586b7263e648403b18ed17.zip