Don't try to regenerate existing ssl certificates
Rerunning stack.sh after some failure unrelated to ssl setup will fail due to certificates already existing in the CA index. Don't regenerate them instead. This is a workaround making devstack development easier rather than something typical user would run into. Change-Id: Icfd4cb5132c8c9297eb73159e592b7006295184f
This commit is contained in:
Stanislaw Pitucha
parent
c6dc3deb25
commit
2f69c6b853
5
lib/tls
5
lib/tls
@ -231,6 +231,8 @@ function make_cert {
|
||||
local common_name=$3
|
||||
local alt_names=$4
|
||||
|
||||
# Only generate the certificate if it doesn't exist yet on the disk
|
||||
if [ ! -r "$ca_dir/$cert_name.crt" ]; then
|
||||
# Generate a signing request
|
||||
$OPENSSL req \
|
||||
-sha1 \
|
||||
@ -256,6 +258,7 @@ function make_cert {
|
||||
-out $ca_dir/$cert_name.crt \
|
||||
-subj "/O=${ORG_NAME}/OU=${ORG_UNIT_NAME} Servers/CN=${common_name}" \
|
||||
-batch
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
@ -270,6 +273,7 @@ function make_int_CA {
|
||||
create_CA_config $ca_dir 'Intermediate CA'
|
||||
create_signing_config $ca_dir
|
||||
|
||||
if [ ! -r "$ca_dir/cacert.pem" ]; then
|
||||
# Create a signing certificate request
|
||||
$OPENSSL req -config $ca_dir/ca.conf \
|
||||
-sha1 \
|
||||
@ -287,6 +291,7 @@ function make_int_CA {
|
||||
-in $ca_dir/cacert.csr \
|
||||
-out $ca_dir/cacert.pem \
|
||||
-batch
|
||||
fi
|
||||
}
|
||||
|
||||
# Make a root CA to sign other CAs
|
||||
|
||||
Loading…
Reference in New Issue
Block a user