1 |
#!/bin/sh |
#!/bin/sh |
2 |
# $Header: /root/magellan-cvs/src/openssl/openssl-make-certs.sh,v 1.1 2010-03-04 00:34:31 niro Exp $ |
# $Header: /root/magellan-cvs/src/openssl/openssl-make-certs.sh,v 1.3 2010-03-04 15:49:23 niro Exp $ |
3 |
|
|
4 |
SSLCONFIG="${SSLCONFIG-/etc/ssl/openssl.cnf}" |
SSLDIR="${SSLDIR-/etc/ssl}" |
5 |
CERTDIR="${CERTDIR-/etc/ssl/certs}" |
SSLCONFIG="${SSLCONFIG-${SSLDIR}/openssl.cnf}" |
6 |
|
CERTDIR="${SSLDIR}/certs" |
7 |
|
KEYDIR="${SSLDIR}/private" |
8 |
CERTNAME="$1" |
CERTNAME="$1" |
9 |
|
CERTFILE="${CERTDIR}/${CERTNAME}.pem" |
10 |
|
KEYFILE="${KEYDIR}/${CERTNAME}.key" |
11 |
|
|
12 |
die() { echo "ERROR: $@"; exit 1; } |
die() { echo "ERROR: $@"; exit 1; } |
13 |
|
|
16 |
echo "Usage:" |
echo "Usage:" |
17 |
echo " $0 [cert-name]" |
echo " $0 [cert-name]" |
18 |
echo |
echo |
19 |
echo "The environment variables \$SSLCONFIG and \$CERTDIR wil be respected too." |
echo "The environment variables \$SSLCONFIG and \$SSLDIR will be respected too." |
20 |
echo |
echo |
21 |
die "No certificate name given!" |
die "No certificate name given!" |
22 |
} |
} |
24 |
# sanity checks |
# sanity checks |
25 |
[[ $(id -u) -ne 0 ]] && die "You must be root!" |
[[ $(id -u) -ne 0 ]] && die "You must be root!" |
26 |
[[ -z ${CERTNAME} ]] && usage |
[[ -z ${CERTNAME} ]] && usage |
27 |
|
[ ! -d ${CERTDIR} ] && die "${CERTDIR} directory doesn't exist!" |
28 |
CERTFILE="${CERTDIR}/${CERTNAME}.pem" |
[ ! -d ${KEYDIR} ] && die "${KEYDIR} directory doesn't exist!" |
29 |
KEYFILE="${CERTDIR}/${CERTNAME}.key" |
[ -f ${CERTFILE} ] && die "${CERTFILE} already exists, won't overwrite!" |
30 |
|
[ -f ${KEYFILE} ] && die "${KEYFILE} already exists, won't overwrite!" |
31 |
|
|
32 |
echo |
echo |
33 |
echo "You may want to setup your default ssl config file first." |
echo "You may want to setup your default ssl config file first." |
37 |
read |
read |
38 |
|
|
39 |
openssl req -new -x509 -nodes -config ${SSLCONFIG} -out ${CERTFILE} -keyout ${KEYFILE} -days 365 || die "Certificate request failed!" |
openssl req -new -x509 -nodes -config ${SSLCONFIG} -out ${CERTFILE} -keyout ${KEYFILE} -days 365 || die "Certificate request failed!" |
40 |
|
# combine cert and keyfile to one cert |
41 |
|
cat ${CERTFILE} ${KEYFILE} > ${CERTFILE}.combined || die "Combine [cat] failed!" |
42 |
|
rm ${CERTFILE} || die "Combine [rm] failed!" |
43 |
|
mv ${CERTFILE}{.combined,} || die "Combine [mv] failed!" |
44 |
chown root:root ${CERTFILE} ${KEYFILE} || die "Ownership failed!" |
chown root:root ${CERTFILE} ${KEYFILE} || die "Ownership failed!" |
45 |
chmod 0600 ${CERTFILE} ${KEYFILE} || die "Permissions failed!" |
chmod 0400 ${CERTFILE} ${KEYFILE} || die "Permissions failed!" |
46 |
echo |
echo |
47 |
openssl x509 -subject -fingerprint -noout -in ${CERTFILE} || die "Fingerprint failed!" |
openssl x509 -subject -fingerprint -noout -in ${CERTFILE} || die "Fingerprint failed!" |
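Review bot: The combined file is created by plain shell redirection (`cat ${CERTFILE} ${KEYFILE} > ${CERTFILE}.combined`) under the caller's ambient umask, so the private key sits in a file with default permissions until the `chmod 0400` several commands later, and the `mv` then leaves that key-bearing `.pem` in `${CERTDIR}` (default `/etc/ssl/certs`), a directory that is normally world-readable, with only its own mode protecting it. Adding `umask 077` once before the `openssl req` line closes that window for both the redirection and the `-keyout` file (whose creation mode varies by OpenSSL version) without changing anything else the script does. Separately, `mv ${CERTFILE}{.combined,}` relies on bash brace expansion while the script declares `#!/bin/sh`; on a POSIX sh it would hand `mv` a literal `{.combined,}` name and die after the original `${CERTFILE}` has already been removed, so spell it out as `mv "${CERTFILE}.combined" "${CERTFILE}"`, which also quotes the expansion like the new `[ -f ${CERTFILE} ]` / `[ ! -d ${KEYDIR} ]` checks should. The existing `[[ … ]]` tests carry the same bash dependency, so the shebang ought to say `#!/bin/bash` in any case. The opening line of the `usage` function is outside the visible lines.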