From fd83a01cf7afd1975af749d57f02fc4c565535f7 Mon Sep 17 00:00:00 2001
From: dandds <dan-ctr@friends.dds.mil>
Date: Tue, 6 Nov 2018 12:06:52 -0500
Subject: [PATCH] handle key generation differently

---
 script/make-test-cac | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/script/make-test-cac b/script/make-test-cac
index 0f8b3147..53f302cb 100755
--- a/script/make-test-cac
+++ b/script/make-test-cac
@@ -13,20 +13,20 @@ set -e
 
 SAN="subjectAltName=email:$2"
 
+openssl genrsa -out $3.key 2048
+
 CSR=$(openssl req \
   -new \
-  -newkey rsa:4096 \
-  -sha256 \
   -nodes \
-  -days 365 \
   -subj "/CN=$1" \
   -reqexts SAN \
   -config <(cat /etc/ssl/openssl.cnf; echo '[SAN]'; echo $SAN) \
-  -keyout $3.key )
+  -key $3.key )
 
 openssl x509 \
   -req \
   -in <(echo "$CSR") \
+  -days 365 \
   -CA "ssl/client-certs/client-ca.crt" \
   -CAkey "ssl/client-certs/client-ca.key" \
   -CAcreateserial \