New PKI workz like a charm :-) OCSP working as well. Nice!

aditosoftware · Feb 10, 2017 · c44d38c · c44d38c
1 parent 63bffba
commit c44d38c
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 8 deletions.
diff --git a/api/certificate.js b/api/certificate.js
@@ -88,7 +88,7 @@ certificate.request = function(req, res){
         fs.writeFile(tempdir + 'request.csr', csr, function(err) {
             if(err === null) {
                 // OpenSSL command template
-                var signcommand = util.format('openssl ca -batch -config %sopenssl.cnf -extensions server_cert -days 1 -notext -md sha256 -in request.csr -key "%s" -out cert.pem', global.paths.pkipath, global.config.ca.passphrase);
+                var signcommand = util.format('openssl ca -batch -config %s/intermediate/openssl.cnf -extensions server_cert -days 1 -notext -md sha256 -in request.csr -key "%s" -out cert.pem', global.paths.pkipath, global.config.ca.intermediate.passphrase);
 
                 // Execute Linux Shell command
                 exec(signcommand, { cwd: tempdir }, function(error, stdout, stderr) {
@@ -151,7 +151,7 @@ certificate.revoke = function(req, res){
             if(err === null) {
                 // Execute OpenSSL command
                 log.info("Executing OpenSSL command.")
-                var revokecommand = util.format('openssl ca -config %sopenssl.cnf -revoke cert.pem -key "%s"', global.paths.pkipath, global.config.ca.passphrase);
+                var revokecommand = util.format('openssl ca -config %sintermediate/openssl.cnf -revoke cert.pem -key "%s"', global.paths.pkipath, global.config.ca.intermediate.passphrase);
 
                 exec(revokecommand, { cwd: tempdir }, function(error, stdout, stderr) {
                     if (error === null) {

diff --git a/certdb.js b/certdb.js
@@ -21,7 +21,7 @@ var reindex = function() {
 
         // Index-Datei öffnen
         var lineReader = require('readline').createInterface({
-            input: require('fs').createReadStream('./mypki/index.txt')
+            input: require('fs').createReadStream('./mypki/intermediate/index.txt')
         });
 
         certificates = [];

diff --git a/genpki.js b/genpki.js
@@ -169,7 +169,12 @@ var createIntermediateCA = function() {
                     fs.removeSync(pkidir + 'intermediate/intermediate.csr.pem');
 
                     // Create CA chain file
-                    // TO BE DONE
+                    // Read intermediate
+                    intermediate = fs.readFileSync(pkidir + 'intermediate/intermediate.cert.pem', 'utf8');
+                    // Read root cert
+                    root = fs.readFileSync(pkidir + 'root/root.cert.pem', 'utf8');
+                    cachain = intermediate + '\n\n' + root;
+                    fs.writeFileSync(pkidir + 'intermediate/ca-chain.cert.pem', cachain);
 
                     resolve();
                 });

diff --git a/ocsp-server.js b/ocsp-server.js
@@ -20,11 +20,11 @@ var startServer = function() {
             '-text',
             '-sha256',
             '-index', 'index.txt',
-            '-CA', 'certs/ca.cert.pem',
-            '-rkey', 'private/ocsp.key.pem',
-            '-rsigner', 'certs/ocsp.cert.pem'
+            '-CA', 'ca-chain.cert.pem',
+            '-rkey', 'ocsp/ocsp.key.pem',
+            '-rsigner', 'ocsp/ocsp.cert.pem'
          ], {
-            cwd: "mypki/",
+            cwd: "mypki/intermediate",
             detached: true,
             shell: true
         });