--- trunk/openssl/openssl-make-certs.sh 2010/03/04 08:44:21 997
+++ trunk/openssl/openssl-make-certs.sh 2010/03/04 12:50:39 998
@@ -1,9 +1,13 @@
 #!/bin/sh
-# $Header: /root/magellan-cvs/src/openssl/openssl-make-certs.sh,v 1.1 2010-03-04 00:34:31 niro Exp $
+# $Header: /root/magellan-cvs/src/openssl/openssl-make-certs.sh,v 1.2 2010-03-04 12:50:39 niro Exp $
-SSLCONFIG="${SSLCONFIG-/etc/ssl/openssl.cnf}"
-CERTDIR="${CERTDIR-/etc/ssl/certs}"
+SSLDIR="${SSLDIR-/etc/ssl}"
+SSLCONFIG="${SSLCONFIG-${SSLDIR}/openssl.cnf}"
+CERTDIR="${SSLDIR}/certs"
+KEYDIR="${SSLDIR}/private"
 CERTNAME="$1"
+CERTFILE="${CERTDIR}/${CERTNAME}.pem"
+KEYFILE="${KEYDIR}/${CERTNAME}.key"
 die() { echo "ERROR: $@"; exit 1; }
@@ -12,7 +16,7 @@
 echo "Usage:"
 echo " $0 [cert-name]"
 echo
- echo "The environment variables \$SSLCONFIG and \$CERTDIR wil be respected too."
+ echo "The environment variables \$SSLCONFIG and \$SSLDIR will be respected too."
 echo
 die "No certificate name given!"
 }
@@ -20,9 +24,10 @@
 # sanity checks
 [[ $(id -u) -ne 0 ]] && die "You must be root!"
 [[ -z ${CERTNAME} ]] && usage
-
-CERTFILE="${CERTDIR}/${CERTNAME}.pem"
-KEYFILE="${CERTDIR}/${CERTNAME}.key"
+[ ! -d ${CERTDIR} ] && die "${CERTDIR} directory doesn't exist!"
+[ ! -d ${KEYDIR} ] && die "${KEYDIR} directory doesn't exist!"
+[ -f ${CERTFILE} ] && die "${CERTFILE} already exists, won't overwrite!"
+[ -f ${KEYFILE} ] && die "${KEYFILE} already exists, won't overwrite!"
 echo
 echo "You may want to setup your default ssl config file first."
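Review bot: `CERTDIR="${SSLDIR}/certs"` in the first hunk no longer honours a `CERTDIR` value from the environment, which the removed line did, so a caller that still exports `CERTDIR` gets its certificate written under `${SSLDIR}/certs` without any warning. Keeping the override as a fallback preserves the old interface: `CERTDIR="${CERTDIR-${SSLDIR}/certs}"` and, for symmetry, `KEYDIR="${KEYDIR-${SSLDIR}/private}"`. The usage text in the second hunk would then need to list all four variables.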
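Review bot: The overwrite guards in the sanity-check hunk test `[ -f ${CERTFILE} ]` and `[ -f ${KEYFILE} ]`, which are false for a dangling symlink or any non-regular file, so `openssl req` running as root would still write through a path that already exists in some form. `[ -e "${CERTFILE}" ] || [ -L "${CERTFILE}" ]` (and the same for `${KEYFILE}`) closes that gap. The expansions in all four new tests are unquoted, so a directory or name containing whitespace breaks the `[` call; they should be quoted. `${CERTNAME}` also reaches both paths unchecked, and a guard such as `case "${CERTNAME}" in */*) die "Invalid certificate name!";; esac` keeps the files inside `${CERTDIR}` and `${KEYDIR}`.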
@@ -32,7 +37,9 @@
 read
 openssl req -new -x509 -nodes -config ${SSLCONFIG} -out ${CERTFILE} -keyout ${KEYFILE} -days 365 || die "Certificate request failed!"
+# combine cert and keyfile to one cert
+cat ${CERTFILE} ${KEYFILE} > ${CERTFILE} || die "Combine failed!"
 chown root:root ${CERTFILE} ${KEYFILE} || die "Ownership failed!"
-chmod 0600 ${CERTFILE} ${KEYFILE} || die "Permissions failed!"
+chmod 0400 ${CERTFILE} ${KEYFILE} || die "Permissions failed!"
 echo
 openssl x509 -subject -fingerprint -noout -in ${CERTFILE} || die "Fingerprint failed!"
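Review bot: `cat ${CERTFILE} ${KEYFILE} > ${CERTFILE}` destroys the certificate: the shell truncates `${CERTFILE}` for the redirection before `cat` opens it for reading, so the file ends up holding at most the private key and the later `openssl x509 -in ${CERTFILE}` has no certificate to read. Appending does what the comment describes: `cat "${KEYFILE}" >> "${CERTFILE}" || die "Combine failed!"`. Since `-nodes` leaves the key unencrypted and the modes are tightened only by the `chmod` afterwards, a `umask 077` ahead of `openssl req` would avoid depending on the inherited umask in between. The combined file also places the private key under `${CERTDIR}`, so a comment saying which consumer needs a combined PEM would help whoever audits that directory.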