gen-ec-cert: reuse the private key if it exists
This commit is contained in:
parent
ea435f67d5
commit
f0505b1d11
@ -27,13 +27,21 @@ shift $((OPTIND - 1))
|
||||
[ $# -eq 1 ] && [ -n "$1" ] || usage
|
||||
domain=$1
|
||||
|
||||
(umask 077 && openssl genpkey -aes256 \
|
||||
-algorithm ec -pkeyopt ec_paramgen_curve:"$curve" -out "$domain.key")
|
||||
if [ $? -ne 0 ] || [ ! -s "$domain.key" ]; then
|
||||
# openssl doesn't return an error code if there is a password mismatch
|
||||
# or a password too short, and it creates the output file anyways
|
||||
if [ -f "$domain.key" ]; then
|
||||
printf "%s: key for %s already exists; reusing it.\n" \
|
||||
"${0##*/}" "$domain" >&2
|
||||
else
|
||||
(umask 077 && openssl genpkey -aes256 \
|
||||
-algorithm ec -pkeyopt ec_paramgen_curve:"$curve" \
|
||||
-out "$domain.key")
|
||||
if [ $? -ne 0 ] || [ ! -s "$domain.key" ]; then
|
||||
# openssl doesn't return an error code if there is a password
|
||||
# mismatch or a password too short, and it creates the output
|
||||
# file anyways
|
||||
rm -f "$domain.key"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
openssl req -new -x509 -days "$days" -subj "/CN=$domain" \
|
||||
-key "$domain.key" -out "$domain.pem"
|
||||
|
Loading…
Reference in New Issue
Block a user