output CA cert for signcsr command (fixes #150)

620c7eb2 · Lukas Schauer · 4e8f944b · 620c7eb2
Commit 620c7eb2 authored May 26, 2016 by Lukas Schauer
Hide whitespace changes
Inline Side-by-side

Showing with 22 additions and 1 deletion

letsencrypt.sh letsencrypt.sh +22 -1

No files found.
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -667,7 +667,28 @@ command_sign_csr() {
    _exiterr "Could not read certificate signing request ${csrfile}"
  fi

-  sign_csr "$(< "${csrfile}" )"
+  # gen cert
+  certfile="$(_mktemp)"
+  sign_csr "$(< "${csrfile}" )" 3> "${certfile}"
+
+  # get and convert ca cert
+  chainfile="$(_mktemp)"
+  http_request get "$(openssl x509 -in "${certfile}" -noout -text | grep 'CA Issuers - URI:' | cut -d':' -f2-)" > "${chainfile}"
+
+  if ! grep -q "BEGIN CERTIFICATE" "${chainfile}"; then
+    openssl x509 -inform DER -in "${chainfile}" -outform PEM -out "${chainfile}"
+  fi
+
+  # output full chain
+  echo "# CERT #" >&3
+  cat "${certfile}" >&3
+  echo >&3
+  echo "# CHAIN #" >&3
+  cat "${chainfile}" >&3
+
+  # cleanup
+  rm "${certfile}"
+  rm "${chainfile}"

  exit 0
 }