@@ -231,31 +231,34 @@ function make_cert {
231231 local common_name=$3
232232 local alt_names=$4
233233
234- # Generate a signing request
235- $OPENSSL req \
236- -sha1 \
237- -newkey rsa \
238- -nodes \
239- -keyout $ca_dir/private/$cert_name.key \
240- -out $ca_dir/$cert_name.csr \
241- -subj "/O=${ORG_NAME}/OU=${ORG_UNIT_NAME} Servers/CN=${common_name}"
242-
243- if [[ -z "$alt_names" ]]; then
244- alt_names="DNS:${common_name}"
245- else
246- alt_names="DNS:${common_name},${alt_names}"
247- fi
234+ # Only generate the certificate if it doesn't exist yet on the disk
235+ if [ ! -r "$ca_dir/$cert_name.crt" ]; then
236+ # Generate a signing request
237+ $OPENSSL req \
238+ -sha1 \
239+ -newkey rsa \
240+ -nodes \
241+ -keyout $ca_dir/private/$cert_name.key \
242+ -out $ca_dir/$cert_name.csr \
243+ -subj "/O=${ORG_NAME}/OU=${ORG_UNIT_NAME} Servers/CN=${common_name}"
244+
245+ if [[ -z "$alt_names" ]]; then
246+ alt_names="DNS:${common_name}"
247+ else
248+ alt_names="DNS:${common_name},${alt_names}"
249+ fi
248250
249- # Sign the request valid for 1 year
250- SUBJECT_ALT_NAME="$alt_names" \
251- $OPENSSL ca -config $ca_dir/signing.conf \
252- -extensions req_extensions \
253- -days 365 \
254- -notext \
255- -in $ca_dir/$cert_name.csr \
256- -out $ca_dir/$cert_name.crt \
257- -subj "/O=${ORG_NAME}/OU=${ORG_UNIT_NAME} Servers/CN=${common_name}" \
258- -batch
251+ # Sign the request valid for 1 year
252+ SUBJECT_ALT_NAME="$alt_names" \
253+ $OPENSSL ca -config $ca_dir/signing.conf \
254+ -extensions req_extensions \
255+ -days 365 \
256+ -notext \
257+ -in $ca_dir/$cert_name.csr \
258+ -out $ca_dir/$cert_name.crt \
259+ -subj "/O=${ORG_NAME}/OU=${ORG_UNIT_NAME} Servers/CN=${common_name}" \
260+ -batch
261+ fi
259262}
260263
261264
@@ -270,23 +273,25 @@ function make_int_CA {
270273 create_CA_config $ca_dir 'Intermediate CA'
271274 create_signing_config $ca_dir
272275
273- # Create a signing certificate request
274- $OPENSSL req -config $ca_dir/ca.conf \
275- -sha1 \
276- -newkey rsa \
277- -nodes \
278- -keyout $ca_dir/private/cacert.key \
279- -out $ca_dir/cacert.csr \
280- -outform PEM
281-
282- # Sign the intermediate request valid for 1 year
283- $OPENSSL ca -config $signing_ca_dir/ca.conf \
284- -extensions ca_extensions \
285- -days 365 \
286- -notext \
287- -in $ca_dir/cacert.csr \
288- -out $ca_dir/cacert.pem \
289- -batch
276+ if [ ! -r "$ca_dir/cacert.pem" ]; then
277+ # Create a signing certificate request
278+ $OPENSSL req -config $ca_dir/ca.conf \
279+ -sha1 \
280+ -newkey rsa \
281+ -nodes \
282+ -keyout $ca_dir/private/cacert.key \
283+ -out $ca_dir/cacert.csr \
284+ -outform PEM
285+
286+ # Sign the intermediate request valid for 1 year
287+ $OPENSSL ca -config $signing_ca_dir/ca.conf \
288+ -extensions ca_extensions \
289+ -days 365 \
290+ -notext \
291+ -in $ca_dir/cacert.csr \
292+ -out $ca_dir/cacert.pem \
293+ -batch
294+ fi
290295}
291296
292297# Make a root CA to sign other CAs
0 commit comments