Fix issue with CA serial params

Should always provide CAserial, but should only provide CAcreateserial if file does not exist. Should probably fix permissions issue mentioned in the comments when attempting to create certificate.
2026-02-05 00:20:08 +01:00 · 2019-04-08 17:27:56 +09:00
parent 1e3e37179b
commit e336ebc12f
1 changed files with 5 additions and 5 deletions
--- a/cli/Valet/Site.php
+++ b/cli/Valet/Site.php
@@ -299,20 +299,20 @@ function createCertificate($url)
        $this->createPrivateKey($keyPath);
        $this->createSigningRequest($url, $keyPath, $csrPath, $confPath);

-        $caSrlParam = ' -CAcreateserial';
-        if ($this->files->exists($caSrlPath)) {
-            $caSrlParam = ' -CAserial ' . $caSrlPath;
+        $caSrlParam = '-CAserial ' . $caSrlPath;
+        if (! $this->files->exists($caSrlPath)) {
+            $caSrlParam .= ' -CAcreateserial';
        }

        $result = $this->cli->runAsUser(sprintf(
-            'openssl x509 -req -sha256 -days 730 -CA "%s" -CAkey "%s"%s -in "%s" -out "%s" -extensions v3_req -extfile "%s"',
+            'openssl x509 -req -sha256 -days 730 -CA "%s" -CAkey "%s" %s -in "%s" -out "%s" -extensions v3_req -extfile "%s"',
            $caPemPath, $caKeyPath, $caSrlParam, $csrPath, $crtPath, $confPath
        ));

        // If cert could not be created using runAsUser(), use run().
        if (strpos($result, 'Permission denied')) {
            $this->cli->run(sprintf(
-                'openssl x509 -req -sha256 -days 730 -CA "%s" -CAkey "%s"%s -in "%s" -out "%s" -extensions v3_req -extfile "%s"',
+                'openssl x509 -req -sha256 -days 730 -CA "%s" -CAkey "%s" %s -in "%s" -out "%s" -extensions v3_req -extfile "%s"',
                $caPemPath, $caKeyPath, $caSrlParam, $csrPath, $crtPath, $confPath
            ));
        }