@@ -235,31 +235,34 @@ function make_cert {
235235 local common_name=$3
236236 local alt_names=$4
237237
238- # Generate a signing request
239- $OPENSSL req \
240- -sha1 \
241- -newkey rsa \
242- -nodes \
243- -keyout $ca_dir/private/$cert_name.key \
244- -out $ca_dir/$cert_name.csr \
245- -subj "/O=${ORG_NAME}/OU=${ORG_UNIT_NAME} Servers/CN=${common_name}"
246-
247- if [[ -z "$alt_names" ]]; then
248- alt_names="DNS:${common_name}"
249- else
250- alt_names="DNS:${common_name},${alt_names}"
251- fi
238+ # Only generate the certificate if it doesn't exist yet on the disk
239+ if [ ! -r "$ca_dir/$cert_name.crt" ]; then
240+ # Generate a signing request
241+ $OPENSSL req \
242+ -sha1 \
243+ -newkey rsa \
244+ -nodes \
245+ -keyout $ca_dir/private/$cert_name.key \
246+ -out $ca_dir/$cert_name.csr \
247+ -subj "/O=${ORG_NAME}/OU=${ORG_UNIT_NAME} Servers/CN=${common_name}"
248+
249+ if [[ -z "$alt_names" ]]; then
250+ alt_names="DNS:${common_name}"
251+ else
252+ alt_names="DNS:${common_name},${alt_names}"
253+ fi
252254
253- # Sign the request valid for 1 year
254- SUBJECT_ALT_NAME="$alt_names" \
255- $OPENSSL ca -config $ca_dir/signing.conf \
256- -extensions req_extensions \
257- -days 365 \
258- -notext \
259- -in $ca_dir/$cert_name.csr \
260- -out $ca_dir/$cert_name.crt \
261- -subj "/O=${ORG_NAME}/OU=${ORG_UNIT_NAME} Servers/CN=${common_name}" \
262- -batch
255+ # Sign the request valid for 1 year
256+ SUBJECT_ALT_NAME="$alt_names" \
257+ $OPENSSL ca -config $ca_dir/signing.conf \
258+ -extensions req_extensions \
259+ -days 365 \
260+ -notext \
261+ -in $ca_dir/$cert_name.csr \
262+ -out $ca_dir/$cert_name.crt \
263+ -subj "/O=${ORG_NAME}/OU=${ORG_UNIT_NAME} Servers/CN=${common_name}" \
264+ -batch
265+ fi
263266}
264267
265268
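Review bot: The new guard `[ ! -r "$ca_dir/$cert_name.crt" ]` in make_cert treats any readable certificate file as good, so an expired certificate (these are issued with `-days 365`), one whose `private/$cert_name.key` is missing, or one issued earlier for a different `common_name`/`alt_names` is silently reused. The `cacert.pem` guard in make_int_CA has the same gap, and there an expired intermediate invalidates every leaf signed under it. Consider requiring the key and a validity check as well, e.g. `if [ ! -r "$ca_dir/private/$cert_name.key" ] || ! $OPENSSL x509 -checkend 0 -noout -in "$ca_dir/$cert_name.crt" >/dev/null 2>&1; then`. make_cert starts above the hunk, so any earlier handling of stale files is not visible here.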
@@ -274,23 +277,25 @@ function make_int_CA {
274277 create_CA_config $ca_dir 'Intermediate CA'
275278 create_signing_config $ca_dir
276279
277- # Create a signing certificate request
278- $OPENSSL req -config $ca_dir/ca.conf \
279- -sha1 \
280- -newkey rsa \
281- -nodes \
282- -keyout $ca_dir/private/cacert.key \
283- -out $ca_dir/cacert.csr \
284- -outform PEM
285-
286- # Sign the intermediate request valid for 1 year
287- $OPENSSL ca -config $signing_ca_dir/ca.conf \
288- -extensions ca_extensions \
289- -days 365 \
290- -notext \
291- -in $ca_dir/cacert.csr \
292- -out $ca_dir/cacert.pem \
293- -batch
280+ if [ ! -r "$ca_dir/cacert.pem" ]; then
281+ # Create a signing certificate request
282+ $OPENSSL req -config $ca_dir/ca.conf \
283+ -sha1 \
284+ -newkey rsa \
285+ -nodes \
286+ -keyout $ca_dir/private/cacert.key \
287+ -out $ca_dir/cacert.csr \
288+ -outform PEM
289+
290+ # Sign the intermediate request valid for 1 year
291+ $OPENSSL ca -config $signing_ca_dir/ca.conf \
292+ -extensions ca_extensions \
293+ -days 365 \
294+ -notext \
295+ -in $ca_dir/cacert.csr \
296+ -out $ca_dir/cacert.pem \
297+ -batch
298+ fi
294299}
295300
296301# Make a root CA to sign other CAs
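Review bot: Both `req` invocations still pass `-sha1` (new line 282 here and new line 241 in make_cert), and with the reuse guard the resulting requests, keys and certificates now persist across runs instead of being regenerated each time. SHA-1 is deprecated for signatures, so use `-sha256` on the request and confirm that `default_md` in the ca/signing config is not SHA-1 either; those configs are not visible here, so the digest on the issued certificates cannot be confirmed from this hunk. `-newkey rsa` without a size also leaves the key length to the config default; an explicit `-newkey rsa:2048` or larger would make it visible at the call site.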