Commit c06ebd69 authored by Gary Wong's avatar Gary Wong

Add URNs to CA certificates right at creation (for ProtoGENI sites).

Previously, all certificates were created without URNs, and ProtoGENI
sites bolted them on when initsite was run.
parent 6808fa53
......@@ -56,13 +56,18 @@ include $(TESTBED_SRCDIR)/GNUmakerules
#
pems: emulab.pem server.pem client.pem
emulab.pem: dirsmade mkserial emulab.cnf emulab.key
emulab.pem: dirsmade mkserial emulab.cnf emulab-geni.cnf emulab.key
#
# Create the Certificate Authority.
# The certificate is installed on both boss and remote nodes.
#
ifeq (@PROTOGENI_SUPPORT@,1)
openssl req -new -x509 -days 2000 -config emulab-geni.cnf \
-text -key emulab.key -out emulab.pem
else
openssl req -new -x509 -days 2000 -config emulab.cnf \
-text -key emulab.key -out emulab.pem
endif
server.pem: dirsmade mkserial server.cnf ca.cnf server.key server.req
# Create the serial file.
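Review bot: The `emulab.pem` rule now lists both `emulab.cnf` and `emulab-geni.cnf` as prerequisites although any one build uses only one of them, so touching the unused config would still cause the CA certificate to be regenerated. Selecting the config once outside the recipe (a variable set under the `ifeq (@PROTOGENI_SUPPORT@,1)` test, e.g. `CA_CNF = emulab-geni.cnf`, else `CA_CNF = emulab.cnf`) lets the rule read `emulab.pem: dirsmade mkserial $(CA_CNF) emulab.key`. The recipe then needs a single `openssl req -new -x509 -days 2000 -config $(CA_CNF) \` command rather than two copies that can drift apart. The comment block above the command could also say which config is used when and why, since sites that already have an `emulab.pem` will not pick up the change automatically.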
......
[ req ]
prompt = no
default_bits = 1024
default_keyfile = privkey.pem
default_days = 2000
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
encrypt_key = no
string_mask = nombstr
[ req_distinguished_name ]
C = @SSLCERT_COUNTRY@
ST = @SSLCERT_STATE@
L = @SSLCERT_LOCALITY@
O = @SSLCERT_ORGNAME@
OU = Certificate Authority
CN = @BOSSNODE@
emailAddress = @TBOPSEMAIL@
[ req_attributes ]
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
subjectAltName=URI:urn:publicid:IDN+@OURDOMAIN@+authority+root
issuerAltName=URI:urn:publicid:IDN+@OURDOMAIN@+authority+root
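Review bot: In `[ v3_ca ]`, `basicConstraints = CA:true` is not marked critical and there is no `keyUsage` line, so the root certificate carries no enforced restriction to certificate and CRL signing. I would write `basicConstraints = critical,CA:true` and add `keyUsage = critical,keyCertSign,cRLSign`. Separately, `default_bits = 1024` is too small for a CA key with a 2000-day lifetime. It only takes effect if a key is generated from this config (the `openssl req` command shown on this page passes an existing `-key emulab.key`), but raising it to 2048 or more avoids a weak key if that ever changes. The `[ req ]` section also sets no `default_md`, so the signature digest depends on the installed OpenSSL's default; an explicit `default_md = sha256` would make it predictable.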