@@ -48,6 +48,8 @@ The available options are:
.br
[\fB\-l\fR \fIfile\fR | \fB\-\^\-log=\fIfile\fR]
.br
+[\fB\-u\fR | \fB\-\^\-unique\fR]
+.br
[\fB\-h\fR | \fB\-\^\-help\fR]
.sp
Some options do not apply to every command.
@@ -233,6 +235,13 @@ directories. This option overrides this behavior.
Sets the log file to \fIfile\fR. Default:
\fB@LOGDIR@/ovs\-pki.log\fR.
+.IP "\fB\-u\fR"
+.IQ "\fB\-\^\-unique\fR"
+Changes the format of the certificate's Common Name (CN) field; by
+default, this field has the format "<name> id:<uuid-or-date>", this
+option causes the provided name to be treated as unique and changes
+the format of the CN field to be simply "<name>".
+
.IP "\fB\-h\fR"
.IQ "\fB\-\^\-help\fR"
Prints a help usage message and exits.
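Review bot: The new -u/--unique description states the resulting CN format but not what the caller gives up: the default suffix exists to keep subject DNs unique, and with this option that becomes the caller's responsibility. A sentence saying that NAME must then itself be unique would help. The text is also a comma splice ("...<uuid-or-date>", this option causes ..."); split it into two sentences. The added blank line before .IP "\fB\-h\fR" is not used between the other entries shown here and can be dropped.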
@@ -21,6 +21,7 @@ command=
prev=
force=no
batch=no
+unique_name=no
log='@LOGDIR@/ovs-pki.log'
keytype=rsa
bits=2048
@@ -110,6 +111,7 @@ Options that apply to any command:
(default: $pkidir)
-f, --force Continue even if file or directory already exists
-l, --log=FILE Log openssl output to FILE (default: ovs-log.log)
+ -u, --unique NAME is unique (don't append UUID/date)
-h, --help Print this usage message.
-V, --version Display version information.
EOF
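Review bot: The usage line for -u sits under "Options that apply to any command", but unique_name is only read in make_request(), so it has no effect on commands that do not generate a request. Say so in the help text, for example "(certificate requests only)". Separately, the context line above gives the log default as ovs-log.log while the script default and the man page both say ovs-pki.log; that predates this patch but could be corrected in passing.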
@@ -155,6 +157,9 @@ EOF
--ba*|-b)
batch=yes
;;
+ --un*|-u)
+ unique_name=yes
+ ;;
-*)
echo "unrecognized option $option" >&2
exit 1
@@ -429,8 +434,13 @@ make_request() {
must_not_exist "$arg1-privkey.pem"
must_not_exist "$arg1-req.pem"
make_tmpdir
- # Use uuidgen or date to create unique subject DNs.
- unique=`(uuidgen) 2>/dev/null` || unique=`date +"%Y %b %d %T"`
+ if test $unique_name != yes; then
+ # Use uuidgen or date to create unique subject DNs.
+ unique=`(uuidgen) 2>/dev/null` || unique=`date +"%Y %b %d %T"`
+ cn="$arg1 id:$unique"
+ else
+ cn="$arg1"
+ fi
cat > "$TMP/req.cnf" <<EOF
[ req ]
prompt = no
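Review bot: In make_request(), the -u branch drops the only component that made the subject DN unique, and the must_not_exist checks above only guard the local "$arg1-privkey.pem" and "$arg1-req.pem" files, so two requests made with the same NAME in different directories now produce identical DNs without any warning. If that is intended, a comment in the else branch stating that uniqueness is the caller's responsibility would make it explicit. Minor: the condition reads more directly with the positive case first and the variable quoted, as in 'if test "$unique_name" = yes; then cn="$arg1"; else ...'.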
@@ -442,7 +452,7 @@ ST = CA
L = Palo Alto
O = Open vSwitch
OU = Open vSwitch certifier
-CN = $arg1 id:$unique
+CN = $cn
EOF
if test $keytype = rsa; then
(umask 077 && openssl genrsa -out "$1-privkey.pem" $bits) 1>&3 2>&3 \
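Review bot: "CN = $cn" is expanded inside an unquoted here-document, and with -u the value is exactly what the user passed as NAME, with nothing appended. No validation of NAME is visible in these hunks, so an empty NAME would yield "CN = ", and characters that are special in an OpenSSL configuration file (#, $, backslash, newline) would change how the line is parsed. Consider rejecting empty NAME values and names containing such characters before req.cnf is written.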
For some applications, it is desirable to have full control of the
common name field in generated certificates. Add a command-line option
to suppress appending " id:<uuid-or-date>" to the user-specified name.

Signed-off-by: Lance Richardson <lrichard@redhat.com>
---
v3: New patch.

 utilities/ovs-pki.8.in |  9 +++++++++
 utilities/ovs-pki.in   | 16 +++++++++++++---
 2 files changed, 22 insertions(+), 3 deletions(-)