From da2002538e57f68a12df6a50a1e716092b62a069 Mon Sep 17 00:00:00 2001 From: Priit Laes Date: Thu, 27 Aug 2015 09:19:26 +0000 Subject: [PATCH] cli: Generate openssl.cnf snippet as file instead of writing it to terminal --- certidude/cli.py | 8 ++++++-- certidude/templates/openssl.cnf | 4 ++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/certidude/cli.py b/certidude/cli.py index 56278cb..17f8f84 100755 --- a/certidude/cli.py +++ b/certidude/cli.py @@ -579,9 +579,13 @@ def certidude_setup_authority(parent, country, state, locality, organization, or with open(ca_key, "wb") as fh: fh.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key)) - click.echo("Insert following to /etc/ssl/openssl.cnf:") + with open(os.path.join(directory, "openssl.cnf.example"), "w") as fh: + fh.write(env.get_template("openssl.cnf").render(locals())) + + click.echo("You need to copy the contents of the 'openssl.cnf.example'") + click.echo("to system-wide OpenSSL configuration file, usually located") + click.echo("at /etc/ssl/openssl.cnf") click.echo() - click.secho(env.get_template("openssl.cnf").render(locals()), fg="blue") click.echo() click.echo("Use following commands to inspect the newly created files:") diff --git a/certidude/templates/openssl.cnf b/certidude/templates/openssl.cnf index fe2f808..6b09e10 100644 --- a/certidude/templates/openssl.cnf +++ b/certidude/templates/openssl.cnf @@ -1,3 +1,6 @@ +# You have to copy the settings to the system-wide +# OpenSSL configuration (usually /etc/ssl/openssl.cnf + [CA_{{slug}}] default_crl_days = {{revocation_list_lifetime}} default_days = {{certificate_lifetime}} @@ -38,3 +41,4 @@ emailAddress = optional basicConstraints = CA:FALSE keyUsage = nonRepudiation,digitalSignature,keyEncipherment extendedKeyUsage = clientAuth +