Commit cea2b796 authored by Janek Bevendorff's avatar Janek Bevendorff

Add --validity option

parent e73649f6
......@@ -24,7 +24,7 @@ shift
# Define command line arguments and parse them.
if [ "$CMD" == "issue" ]; then
DEFINE_string "cryfs_dir" "" "CryFS base dir containing the encrypted certificates." "d"
DEFINE_integer "keyring_id" "-1" "Retrieve given CryFS decryption key from kernel keyring" "k"
DEFINE_integer "keyring_id" -1 "Retrieve given CryFS decryption key from kernel keyring" "k"
DEFINE_string "root_cn" "" "CN of the root certificate for signing (optional)" "r"
DEFINE_string "type" "client" "Certificate type (client | server | ca)" "t"
DEFINE_string "common_name" "" "Common Name (CN) for the certificate (e.g., username)" "c"
......@@ -34,6 +34,7 @@ if [ "$CMD" == "issue" ]; then
DEFINE_string "email" "" "E-Mail address for the certificate" "e"
DEFINE_boolean "no_password" false "Do not encrypt private key" "n"
DEFINE_boolean "overwrite" false "Overwrite existing certificates instead of incrementing filename (use with caution!)" "x"
DEFINE_integer "validity" "" "Certificate validity period in days" "v"
DEFINE_string "csr" "" "CSR file (optional)" "i"
DEFINE_string "out" "/dev/stdout" "OpenVPN .ovpn config or PEM file to generate (optional)" "o"
elif [ "$CMD" == "revoke" ]; then
......@@ -175,7 +176,9 @@ generate_crl() {
sign_csr() {
local validity=730
# certificate validity in days
if [ "$6" == "server" ]; then
if [ "$FLAGS_validity" -gt 0 ]; then
validity="$FLAGS_validity"
elif [ "$6" == "server" ]; then
validity=1825
elif [ "$6" == "ca" ]; then
validity=3650
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment