chg: evolved ``ca`` charm, still in beta.

precise/ca/hooks/install

@@ -3,24 +3,39 @@
 set -eux # -x for verbose logging to juju debug-log
 
 
-apt-get install -y kal-manage expect ## this is for ``mkcrt``
+apt-get install -y --force-yes kal-manage expect  ## this is for ``mkcrt``
 
 
 mkdir -p /etc/ssl/ca
 chmod 700 /etc/ssl/ca
 
+## default location of files to manage the certificate of authority
+sed -ri 's%./demoCA%/etc/ssl/ca%g' /etc/ssl/openssl.cnf
+## default validity period for a certificate extended to 10 years
+sed -ri 's%(default_days\s*= *)365%\13650%g' /etc/ssl/openssl.cnf
 
-## edit SSL:
-#edition des champs par défaut : dont la date de validité par défaut
-#de 5 ans.
-#-> $dir = /etc/ssl/ca  (2 chgt !!)
+## And edit: /usr/lib/ssl/misc/CA.pl
+sed -ri 's%./demoCA%/etc/ssl/ca%g'   /usr/lib/ssl/misc/CA.pl
+sed -ri 's%-days 365%-days 3650%g'   /usr/lib/ssl/misc/CA.pl
+sed -ri 's%-days 1095%-days 10950%g' /usr/lib/ssl/misc/CA.pl
 
 
-## And edit: /usr/lib/ssl/misc/CA.pl  (CATOP variable)
+ca="/etc/ssl/ca"
+
+# from /usr/lib/ssl/misc/CA.pl -newca
+mkdir $ca/{certs,crl,newcerts,private}
+touch $ca/index.txt
+echo "01" > $ca/crlnumber
+
+
+## Will require to set the CA password, and some general INFO.
+#openssl req -new -keyout $ca/private/cakey.pem -out $ca/careq.pem
+
+##
+#openssl ca -create_serial -out $ca/cacert.pem -days 10950 -batch -keyfile $ca/private/cakey.pem -selfsign -extensions v3_ca -infiles $ca/careq.pem
+
 
-## Then, automatise with expect:
 
-# /usr/lib/ssl/misc/CA.pl -newca
 
 mkdir -p /etc/ssl/keys
 chmod 700 /etc/ssl/keys -R