Ensured the correct CA key and CA certificate is used during signing process. It's been working based on default assumptions from the openssl configuration, but it's worth being explicit when doing these operations. Also removed a redundant -sha256
This commit is contained in:
Anton Hvornum
Anton Hvornum
parent
60a38f0890
commit
28becbfc03
1 changed files with 2 additions and 1 deletions
|
|
@ -241,7 +241,6 @@ create_ephemeral_codesigning_keys() {
|
||||||
# Create the Certificate Authority
|
# Create the Certificate Authority
|
||||||
openssl req \
|
openssl req \
|
||||||
-newkey rsa:4096 \
|
-newkey rsa:4096 \
|
||||||
-sha256 \
|
|
||||||
-nodes \
|
-nodes \
|
||||||
-x509 \
|
-x509 \
|
||||||
-new \
|
-new \
|
||||||
|
|
@ -280,6 +279,8 @@ EOF
|
||||||
-days 2 \
|
-days 2 \
|
||||||
-notext \
|
-notext \
|
||||||
-md sha256 \
|
-md sha256 \
|
||||||
|
-keyfile "${ca_key}" \
|
||||||
|
-cert "${ca_cert}" \
|
||||||
-in "${codesigning_cert}.csr" \
|
-in "${codesigning_cert}.csr" \
|
||||||
-out "${codesigning_cert}"
|
-out "${codesigning_cert}"
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue