Check if CN already exists only after having asked for user password
Otherwise, with "-p", "--replace-existing" and "--non-interactive", with CA_PASSWORD set but PASSWORD unset, the existing certificate was revoked but the new one couldn't be created. Now, PASSWORD must be set or the existing certificate won't be revoked
parent
ba2f553ef4
commit
55e02c6a13
12
shellpki
12
shellpki
|
@ -630,7 +630,7 @@ create() {
|
|||
# get CN from CSR
|
||||
cn=$("${OPENSSL_BIN}" req -noout -subject -in "${csr_file}" | grep -Eo "CN\s*=[^,/]*" | cut -d'=' -f2 | xargs)
|
||||
|
||||
# check if CN already exist
|
||||
# check if CN already exists
|
||||
if [ -f "${crt_file}" ]; then
|
||||
replace_existing_or_abort "${cn}"
|
||||
fi
|
||||
|
@ -665,11 +665,6 @@ create() {
|
|||
ovpn_file="${OVPN_DIR}/${cn}-${SUFFIX}.ovpn"
|
||||
pkcs12_file="${PKCS12_DIR}/${cn}-${SUFFIX}.p12"
|
||||
|
||||
# check if CN already exist
|
||||
if [ -f "${crt_file}" ]; then
|
||||
replace_existing_or_abort "${cn}"
|
||||
fi
|
||||
|
||||
# ask for CA passphrase
|
||||
ask_ca_password 0
|
||||
|
||||
|
@ -677,6 +672,11 @@ create() {
|
|||
ask_user_password
|
||||
fi
|
||||
|
||||
# check if CN already exists
|
||||
if [ -f "${crt_file}" ]; then
|
||||
replace_existing_or_abort "${cn}"
|
||||
fi
|
||||
|
||||
# generate private key
|
||||
pass_args=""
|
||||
if [ -n "${password_file:-}" ]; then
|
||||
|
|
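Review bot: The relocated check after `ask_user_password` still calls `replace_existing_or_abort "${cn}"` before the `# generate private key` step, so a failure later in create() would leave the CN revoked with no replacement, assuming (per the commit description) that this helper revokes the existing certificate. Later failures could include key generation, CSR creation, or signing with a wrong CA passphrase. Consider deferring the check until just before the signing call, or at least documenting the window with `# NOTE: revocation happens here; any failure below leaves ${cn} revoked without a new certificate`. The CSR-path check in the first hunk only had its comment reworded; whether it runs before the CA passphrase prompt is not visible here and is worth confirming. create() starts and ends outside these hunks.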