cli: Generate openssl.cnf snippet as file instead of writing it to terminal

2024-12-22 16:25:17 +00:00 · 2015-08-27 09:19:26 +00:00 · 2015-08-27 09:19:26 +00:00 · da2002538e
commit da2002538e
parent f7183fd1ab
2 changed files with 10 additions and 2 deletions
--- a/certidude/cli.py
+++ b/certidude/cli.py
@ -579,9 +579,13 @@ def certidude_setup_authority(parent, country, state, locality, organization, or
    with open(ca_key, "wb") as fh:
        fh.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))

-    click.echo("Insert following to /etc/ssl/openssl.cnf:")
+    with open(os.path.join(directory, "openssl.cnf.example"), "w") as fh:
+        fh.write(env.get_template("openssl.cnf").render(locals()))
+
+    click.echo("You need to copy the contents of the 'openssl.cnf.example'")
+    click.echo("to system-wide OpenSSL configuration file, usually located")
+    click.echo("at /etc/ssl/openssl.cnf")
    click.echo()
-    click.secho(env.get_template("openssl.cnf").render(locals()), fg="blue")

    click.echo()
    click.echo("Use following commands to inspect the newly created files:")
--- a/certidude/templates/openssl.cnf
+++ b/certidude/templates/openssl.cnf
@ -1,3 +1,6 @@
+# You have to copy the settings to the system-wide
+# OpenSSL configuration (usually /etc/ssl/openssl.cnf
+
 [CA_{{slug}}]
 default_crl_days = {{revocation_list_lifetime}}
 default_days = {{certificate_lifetime}}
@ -38,3 +41,4 @@ emailAddress = optional
 basicConstraints = CA:FALSE
 keyUsage = nonRepudiation,digitalSignature,keyEncipherment
 extendedKeyUsage = clientAuth
+