--- loncom/CrCA.pl 2019/07/18 00:28:04 1.4
+++ loncom/CrCA.pl 2023/05/14 19:14:39 1.7
@@ -2,7 +2,7 @@
 # The LearningOnline Network with CAPA
 # Script to create a Certificate Authority (CA) for a LON-CAPA cluster.
 #
-# $Id: CrCA.pl,v 1.4 2019/07/18 00:28:04 raeburn Exp $
+# $Id: CrCA.pl,v 1.7 2023/05/14 19:14:39 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -176,7 +176,7 @@ END
 } else {
 print "A lonca directory is required, but no directory exists\n";
 exit;
- }
+ }
 if (-e "$dir/lonca/opensslca.conf") { # retrieve existing config file and verify that if contains the required fields.
 %data = &parse_config("$dir/lonca/opensslca.conf");
@@ -196,7 +196,7 @@ END
 A configuration file: $dir/lonca/opensslca.conf will be created.
-The following information will be included:
+The following information will be included:
 Country, State/Province, City, Cluster Name, Organizational Name, E-mail address, Default certificate lifetime (days), CRL re-creation interval (days)
 END
@@ -258,6 +258,7 @@ x509_extensions = certificate_extension
 [ loncapa_policy ]
 commonName = supplied
+localityName = supplied
 stateOrProvinceName = supplied
 countryName = supplied
 emailAddress = supplied
@@ -272,6 +273,10 @@ crlDistributionPoints = URI:http://$clus
 [ req ]
 default_bits = 2048
+default_md = sha256
+default_keyfile = $dir/lonca/private/cakey.pem
+
+prompt = no
 distinguished_name = loncapa_ca
 x509_extensions = loncapa_ca_extensions
@@ -294,7 +299,7 @@ authorityKeyIdentifier=keyid:always,issu
 END
-
+
 close($fh);
 } else {
 print 'Error: failed to wtite to '."$dir/lonca/opensslca.conf. Exiting.\n";
 exit;
@@ -347,7 +352,7 @@ END
 } else {
 exit;
 }
- }
+ }
 } else {
 $sslkeypass = &get_new_sslkeypass(); # generate SSL key
@@ -441,8 +446,8 @@ END
 chmod $mode, "$dir/lonca/index.txt";
 } else {
 print "lonca/index.txt file is missing\n";
- exit;
- }
+ exit;
+ }
 my $defcrlsel = 1;
 if (!-e "$dir/lonca/crl/loncapaCAcrl.pem") {
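Review bot: `localityName = supplied` makes L mandatory under `[ loncapa_policy ]`, so `openssl ca` will reject any certificate request whose subject lacks a locality; nothing in this hunk shows whether requests generated by existing nodes already carry one. Judging from the earlier hunk at old line 176, an existing `opensslca.conf` is parsed rather than rewritten, so CAs created before this revision presumably keep the old policy and the two will behave differently. I would record that in the heredoc with a comment such as `# L is required in node CSRs; requests without it are refused`. The policy section begins outside the hunk.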
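Review bot: `default_md = sha256` sits under `[ req ]`, so it only governs `openssl req`; the digest that `openssl ca` uses when signing node certificates and CRLs is taken from `default_md` in the CA section, which is outside this hunk and should be checked to name sha256 as well. With `prompt = no`, the `loncapa_ca` section has to hold literal subject values, and a field left empty may make `openssl req` fail instead of asking, so the values interpolated into that section need validating before the file is written. `default_keyfile` now names the CA private key path; a comment such as `# CA private key - directory must be readable by the CA owner only` would document the expected permissions.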