Annotation of /trunk/openssl/openssl-make-certs.sh
Revision 998 -
Thu Mar 4 12:50:39 2010 UTC (14 years, 6 months ago) by niro
File MIME type: application/x-sh
File size: 1545 byte(s)
-updated
#!/bin/sh
# $Header: /root/magellan-cvs/src/openssl/openssl-make-certs.sh,v 1.2 2010-03-04 12:50:39 niro Exp $

# Base directory of the OpenSSL tree. A caller-supplied $SSLDIR wins, even an
# explicitly empty one; the default applies only when it is unset.
: "${SSLDIR=/etc/ssl}"
# Config file handed to 'openssl req'; a caller-supplied $SSLCONFIG wins.
: "${SSLCONFIG=${SSLDIR}/openssl.cnf}"

# Certificate name is the first positional argument (empty when none given).
# NOTE(review): the value is pasted into the two file paths below unchecked,
# so a name containing '/' or '..' resolves outside CERTDIR/KEYDIR. Confirm
# that callers only pass plain names.
CERTNAME=$1

# Output locations derived from the settings above.
CERTDIR=${SSLDIR}/certs
KEYDIR=${SSLDIR}/private
CERTFILE=${CERTDIR}/${CERTNAME}.pem
KEYFILE=${KEYDIR}/${CERTNAME}.key
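# Print an error message and terminate the script.
# Arguments: $@ - words of the message, joined with single spaces
# Outputs:   "ERROR: <message>" on stderr
# Exits:     always, with status 1
die() {
  # "$*" joins the arguments into one word ("$@" inside a string splits it).
  # Diagnostics go to stderr so they survive a redirected stdout.
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}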
# Show the command-line synopsis on stdout, then abort through die() with
# the "no certificate name" error.
usage() {
  printf '%s\n' \
    "Usage:" \
    " $0 [cert-name]" \
    "" \
    "The environment variables \$SSLCONFIG and \$SSLDIR will be respected too." \
    ""
  die "No certificate name given!"
}
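# sanity checks
# Written with POSIX '[' because the script runs under #!/bin/sh. Where sh is
# not bash, '[[' is an unknown command, the '&&' after it never fires, and the
# root and empty-name checks are silently skipped.
if [ "$(id -u)" -ne 0 ]; then
  die "You must be root!"
fi
if [ -z "${CERTNAME}" ]; then
  usage
fi

# Expansions are quoted so a path containing spaces or glob characters is
# tested as a single word.
[ -d "${CERTDIR}" ] || die "${CERTDIR} directory doesn't exist!"
[ -d "${KEYDIR}" ] || die "${KEYDIR} directory doesn't exist!"

# Refuse to write over anything already present at the target paths. -e/-L
# also cover non-regular files and dangling symlinks, which a plain -f test
# lets through and which a root-owned write would then follow.
for _target in "${CERTFILE}" "${KEYFILE}"; do
  if [ -e "${_target}" ] || [ -L "${_target}" ]; then
    die "${_target} already exists, won't overwrite!"
  fi
done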
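# Give the operator a chance to review the OpenSSL config before a key and
# certificate are generated from it.
echo
echo "You may want to setup your default ssl config file first."
echo "Just edit '${SSLCONFIG}'."
echo
echo "Press [Enter] to continue, [CTRL-C] to abort."
# POSIX 'read' needs a variable name; a bare 'read' is rejected by some sh
# implementations, which would skip the pause. -r keeps backslashes literal.
read -r _answer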
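# Create the key and certificate readable by the owner only from the start.
# Otherwise the files may sit on disk with default-umask permissions until
# the chmod below runs, and the .pem ends up holding the private key too.
umask 077

# -nodes leaves the private key unencrypted, so file ownership and mode are
# its only protection.
openssl req -new -x509 -nodes -config "${SSLCONFIG}" \
  -out "${CERTFILE}" -keyout "${KEYFILE}" -days 365 \
  || die "Certificate request failed!"

# combine cert and keyfile to one cert
# The key is appended rather than using 'cat cert key > cert': that
# redirection truncates the certificate before cat reads it, so the
# certificate is lost.
cat -- "${KEYFILE}" >> "${CERTFILE}" || die "Combine failed!"
chown root:root -- "${CERTFILE}" "${KEYFILE}" || die "Ownership failed!"
chmod 0400 -- "${CERTFILE}" "${KEYFILE}" || die "Permissions failed!"
echo
# Print subject and fingerprint so the operator can verify the result.
openssl x509 -subject -fingerprint -noout -in "${CERTFILE}" || die "Fingerprint failed!"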