From 6e7009e9e6c40cd4944415615499afa089918087 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jbjohnso@us.ibm.com>
Date: Fri, 11 Apr 2014 14:13:08 -0400
Subject: [PATCH] Backdate the CA certificate itself

---
 xCAT-server/share/xcat/scripts/setup-xcat-ca.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/xCAT-server/share/xcat/scripts/setup-xcat-ca.sh b/xCAT-server/share/xcat/scripts/setup-xcat-ca.sh
index 9f2d9f4a6..cd13882db 100755
--- a/xCAT-server/share/xcat/scripts/setup-xcat-ca.sh
+++ b/xCAT-server/share/xcat/scripts/setup-xcat-ca.sh
@@ -30,5 +30,9 @@ sed -e "s@##XCATCADIR##@$XCATCADIR@" $XCATROOT/share/xcat/ca/openssl.cnf.tmpl >
 cp $XCATROOT/share/xcat/ca/Makefile $XCATCADIR/
 cd $XCATCADIR
 make init
-openssl req -nodes -config openssl.cnf -days 7300 -x509 -newkey rsa:2048 -out ca-cert.pem -extensions v3_ca -outform PEM -subj /CN="$CNA"
+#openssl req -nodes -config openssl.cnf -days 7300 -x509 -newkey rsa:2048 -out ca-cert.pem -extensions v3_ca -outform PEM -subj /CN="$CNA"
+openssl genrsa -out private/ca-key.pem 2048
+chmod 600 private/ca-key.pem
+openssl req -new -key private/ca-key.pem -config openssl.cnf -out ca-req.csr -subj /CN="$CNA" -outform PEM
+openssl ca -selfsign -keyfile private/ca-key.pem -in ca-req.csr -startdate 19700101010101Z -days 7305 -extensions v3_ca -config openssl.cnf -out ca-cert.pem
 cd -