updating TODO, etc.

2015-09-26 15:03:11 -04:00
parent 673a54ef2e
commit 8726f63c7c
4 changed files with 10 additions and 7 deletions
--- a/lib/10-yo_dj.func.sh
+++ b/lib/10-yo_dj.func.sh
@@ -316,9 +316,9 @@ EOF
        echo 01 > ${SSLDIR}/txt/ca.srl
      fi
      touch ${SSLDIR}/txt/ca.idx
-      openssl req -subj "/CN=${IPXE_DOMAIN}/O=${PNAME}/C=NA" -x509 -newkey rsa:4096 -nodes -out ${IPXE_SSL_CA} -keyout ${IPXE_SSL_CAKEY} -sha512
-      openssl req -subj "/CN=${IPXE_DOMAIN}/O=${PNAME}/C=NA" -newkey rsa:4096 -keyout ${SSLDIR}/keys/server.key -nodes -out ${SSLDIR}/crts/server.csr -sha512
-      openssl ca -batch -config ${SSLDIR}/openssl.cnf -keyfile ${IPXE_SSL_CAKEY} -in ${SSLDIR}/crts/server.csr -out ${SSLDIR}/crts/server.crt
+      openssl req -days 3650 -subj "/CN=${IPXE_DOMAIN}/O=${PNAME}/C=NA" -x509 -newkey rsa:4096 -nodes -out ${IPXE_SSL_CA} -keyout ${IPXE_SSL_CAKEY} -sha512
+      openssl req -days 3650 -subj "/CN=${IPXE_DOMAIN}/O=${PNAME}/C=NA" -newkey rsa:4096 -keyout ${SSLDIR}/keys/server.key -nodes -out ${SSLDIR}/crts/server.csr -sha512
+      openssl ca -days 3650 -batch -config ${SSLDIR}/openssl.cnf -keyfile ${IPXE_SSL_CAKEY} -in ${SSLDIR}/crts/server.csr -out ${SSLDIR}/crts/server.crt
      #cat crts/server.crt crts/ca.crt > crts/server_chained.crt
    elif [[ -z "${IPXE_SSL_CA}" && -e "${IPXE_SSL_CAKEY}" ]];
    then
@@ -339,9 +339,9 @@ EOF
      IPXE_SSL_CRT="${SSLDIR}/crts/client.crt"
      IPXE_DOMAIN=$(echo ${IPXE_URI} | sed -re 's/^(f|ht)tps?:\/\/// ; s/\/.*//')
      # Generate SSL client key.
-      openssl req -subj "/CN=${IPXE_DOMAIN}/O=${PNAME}/C=NA" -newkey rsa:4096 -keyout ${IPXE_SSL_KEY} -nodes -out ${SSLDIR}/crts/client.csr -sha512
+      openssl req -days 3650 -subj "/CN=${IPXE_DOMAIN}/O=${PNAME}/C=NA" -newkey rsa:4096 -keyout ${IPXE_SSL_KEY} -nodes -out ${SSLDIR}/crts/client.csr -sha512
      # Sign the crt.
-      openssl ca -batch -config ${SSLDIR}/openssl.cnf -keyfile ${IPXE_SSL_CAKEY} -in ${SSLDIR}/crts/client.csr -out ${IPXE_SSL_CRT}
+      openssl ca -days 3650 -batch -config ${SSLDIR}/openssl.cnf -keyfile ${IPXE_SSL_CAKEY} -in ${SSLDIR}/crts/client.csr -out ${IPXE_SSL_CRT}
    elif [[ -z "${IPXE_SSL_CRT}" && -e "${IPXE_SSL_KEY}" ]]; 
    then
      echo "ERROR: You specified IPXE_SSL_KEY but not IPXE_SSL_CRT. If one is specified, the other must be also."