M scripts/issue-cert.sh => scripts/issue-cert.sh +10 -1
@@ 43,8 43,17 @@ echo "Issuing new certificate for CA: ${CERTIFICATE_AUTHORITY}"
echo "Hostnames: ${HOSTNAMES}"
echo ""
+COMMON_NAME="damienradtke.com"
+COUNTRY="US"
+STATE="Illinois"
+CITY="Chicago"
+
+CSR="$(cfssl print-defaults csr \
+ | jq --arg common_name "${COMMON_NAME}" --arg country "${COUNTRY}" --arg state "${STATE}" --arg city "${CITY}" \
+ '.CN = $common_name | .hosts = [] | .names[0].C = $country | .names[0].L = $state | .names[0].ST = $city')"
+
pushd "/etc/ssl/${USER}"
- echo '{}' \
+ echo "${CSR}" \
| cfssl gencert -config /etc/ssl/cfssl.json -hostname "${HOSTNAMES}" -label "${CERTIFICATE_AUTHORITY}" - \
| cfssljson -bare "${CERT_NAME}"
chmod a-w *.pem
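Review bot: The jq filter in the new `CSR=` assignment writes the state into the locality field and the city into the state field: `.names[0].L = $state | .names[0].ST = $city`. In an X.509 subject, `L` is the locality (city) and `ST` is the state or province, so certificates issued by this script would carry L=Illinois and ST=Chicago. The same filter is repeated in the tools/issue-cert hunk, whose removed heredoc had `"ST": "IL"` and `"L": "Chicago"`. Swap the two assignments in both files: `.names[0].L = $city | .names[0].ST = $state`. A short comment above the block, such as `# Subject fields shared by every issued certificate; SANs come from -hostname below`, would also make clear that `.hosts = []` is deliberate here.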
M tools/issue-cert => tools/issue-cert +9 -14
@@ 15,21 15,16 @@ fi
CA="$1"
NAME="$2"
-# TODO: this doesn't seem to work if the CA wasn't already given these names?
-CSRJSON="$(cat <<EOF
-{
- "key": {"algo": "rsa", "size": 2048},
- "CN": "damienradtke.com",
- "names": [{
- "C": "US",
- "ST": "IL",
- "L": "Chicago"
- }]
-}
-EOF
-)"
+COMMON_NAME="damienradtke.com"
+COUNTRY="US"
+STATE="Illinois"
+CITY="Chicago"
-echo "${CSRJSON}" \
+CSR="$(cfssl print-defaults csr \
+ | jq --arg common_name "${COMMON_NAME}" --arg country "${COUNTRY}" --arg state "${STATE}" --arg city "${CITY}" \
+ '.CN = $common_name | .hosts = [] | .names[0].C = $country | .names[0].L = $state | .names[0].ST = $city')"
+
+echo "${CSR}" \
| sudo `which cfssl` gencert -config /etc/ssl/cfssl.json -ca "/etc/ssl/${CA}/ca.pem" -ca-key "/etc/ssl/${CA}/ca-key.pem" - \
| cfssljson -bare "${NAME}"
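Review bot: Removing the heredoc also removes the explicit `"key": {"algo": "rsa", "size": 2048}` stanza, so the key type and size now follow whatever `cfssl print-defaults csr` emits for the installed cfssl version instead of a value chosen in this repository. If the change is intended, say so in a comment; otherwise pin it in the filter, for example by appending `| .key = {"algo": "rsa", "size": 2048}` or the algorithm you actually want. On the unchanged gencert line, the `which cfssl` substitution under `sudo` runs whichever `cfssl` is first in the invoking user's PATH as root, with read access to `ca-key.pem`. Calling a fixed absolute path (placeholder: `sudo /absolute/path/to/cfssl`) removes that dependency. Because the filter sets `.hosts = []` and this call passes no `-hostname`, the certificate appears to be issued without SANs, which is worth confirming as deliberate.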