File gensslcert of Package apache2.16436
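#!/bin/bash
# Peter Poeml <apache@suse.de>
#
# Script to generate ssl keys for mod_ssl, without requiring user input
# most of it is copied from mkcert.sh of the mod_ssl distribution
#
# XXX This is just a hack, it won't be able to do anything you want!
#
# What it produces (all paths below $ROOT, which is normally empty, i.e. /):
#   etc/apache2/ssl.key/<prefix>ca.key      CA private key (mode 0400)
#   etc/apache2/ssl.crt/<prefix>ca.crt      self-signed CA certificate
#   srv/www/htdocs/<PREFIX>CA.crt           copy of the CA certificate
#   etc/apache2/ssl.key/<prefix>server.key  server private key (mode 0400)
#   etc/apache2/ssl.csr/<prefix>server.csr  server certificate request
#   etc/apache2/ssl.crt/<prefix>server.crt  server certificate signed by the
#                                           CA, with DH parameters appended
# Scratch files: root/.mkcert.cfg (OpenSSL config, removed at the end) and
# root/.mkcert.serial (CA serial number, kept between runs).
# <prefix> is the -C argument with a '-' appended; empty by default.

#######################################
# Print the option summary to stdout.  It shows the current defaults, so it
# must only be called after they have been set (the option loop below is).
#######################################
function usage {
  cat <<EOF
${0##*/} will generate a test certificate "the quick way", i.e. without interaction.
You can change some defaults however. It will overwrite /root/.mkcert.cfg

These options are recognized:                       Default:
  -C  Common name                                   "$name"
  -N  comment                                       "$comment"
  -c  country (two letters, e.g. DE)                $C
  -s  state                                         $ST
  -l  city                                          $L
  -o  organisation                                  "$O"
  -u  organisational unit                           "$U"
  -n  fully qualified domain name                   $CN (hostname -f)
  -e  email address of webmaster                    webmaster@$CN
  -a  subject alternative name                      $altName
  -y  days server cert is valid for                 $srvdays
  -Y  days CA cert is valid for                     $CAdays
  -d  run in debug mode
  -h  show usage
EOF
}

# Colour escapes are only enabled when stdout is a terminal.  The original
# 'test -t' had no operand and is therefore always true (a one-argument
# test checks that the argument is a non-empty string), which coloured
# redirected output as well.
BRIGHT= RED= NORMAL=
if [[ -t 1 ]]; then
  BRIGHT=$'\033[01m'
  RED=$'\033[31m'
  NORMAL=$'\033[00m'
fi

# Print the arguments highlighted, to stdout.
function myecho {
  printf '%s%s%s\n' "$BRIGHT" "$*" "$NORMAL"
}

# Print the arguments in red.  Goes to stdout like the original; callers
# that want the message on stderr add 1>&2 themselves.
function error {
  printf '%s%s%s\n' "$RED" "$*" "$NORMAL"
}

#######################################
# Abort the script with a diagnostic.
# Arguments: $1 - line the failure was detected on (normally $LINENO)
#            $2 - exit status; a missing or zero status is mapped to 1 so
#                 that a failed run can never report success (the original
#                 could 'exit 0' when $? came from the preceding error call)
#######################################
function myexit {
  local rc=${2:-1}
  (( rc == 0 )) && rc=1
  error "something ugly seems to have happened in line $1..."
  exit "$rc"
}

r=$ROOT
# Distribution network settings, sourced as in the original; nothing below
# visibly depends on a variable from it.
# shellcheck disable=SC1090
. "$r/etc/sysconfig/network/config"

FQHOSTNAME=$(hostname -f)
# Fall back to the short host name when the FQDN is too long for a
# certificate CN.  The original compared 'wc -c' (which counts the trailing
# newline) against 63, so the limit here is 62 characters.
if (( ${#FQHOSTNAME} > 62 )); then
  FQHOSTNAME=$(hostname)
fi
[[ -n "$FQHOSTNAME" ]] || FQHOSTNAME='localhost'

# defaults
comment="mod_ssl server certificate"
name=                          # file name prefix (-C), '-' is appended
C=XY
ST=unknown
L=unknown
U="web server"
O="SUSE Linux Web Server"
CN=$FQHOSTNAME
# Note: the email default is derived from the host name once, here; it is
# not re-derived when -n overrides CN (same as the original).
email=webmaster@$FQHOSTNAME
altName=email:copy
CAdays=$((365 * 6))
srvdays=$((365 * 2))

while getopts C:N:c:s:l:o:u:n:e:a:y:Y:dh OPT; do
  case "$OPT" in
    C) name=$OPTARG- ;;
    N) comment=$OPTARG ;;
    c) C=$OPTARG ;;
    s) ST=$OPTARG ;;
    l) L=$OPTARG ;;
    u) U=$OPTARG ;;
    o) O=$OPTARG ;;
    n) CN=$OPTARG ;;
    e) email=$OPTARG ;;
    a) altName=$OPTARG ;;
    y) srvdays=$OPTARG ;;
    Y) CAdays=$OPTARG ;;
    d) set -x ;;
    h) usage; exit 2 ;;
    *) printf 'unrecognized option: %s\n' "$OPT"; usage; exit 2 ;;
  esac
done

# Show the effective settings, one per line, value aligned at column 15.
# ${!i} replaces the original eval'd "\$$i" indirection.
GO_LEFT=$'\033[80D'
GO_MIDDLE=${GO_LEFT}$'\033[15C'
for i in comment name C ST L U O CN email altName srvdays CAdays; do
  printf '%s%s %s\n' "$i" "$GO_MIDDLE" "${!i}"
done

openssl=$r/usr/bin/openssl
sslcrtdir=$r/etc/apache2/ssl.crt
sslcsrdir=$r/etc/apache2/ssl.csr
sslkeydir=$r/etc/apache2/ssl.key
# shellcheck disable=SC2034 — not referenced below, kept from the original
sslprmdir=$r/etc/apache2/ssl.prm
cfg=$r/root/.mkcert.cfg
serial=$r/root/.mkcert.serial

#######################################
# Write the OpenSSL request config used for both the CA and the server
# request to $cfg.  Subject fields come from the globals set above.
# Arguments: $1 - organisational unit (OU) for the subject
# Globals:   C ST L O CN email (read), $cfg (written)
#######################################
function write_req_cfg {
  local ou=$1
  # prompt = no: the subject is taken from this file, nothing is asked.
  # output_password should be unused here: the key is always passed with
  # -key, so req never writes a key file.
  # The challenge password is only a CSR attribute; nothing in this script
  # checks it.  The original wrote "$RANDOM$RANDOMA ...", where $RANDOMA is
  # an unset variable that expands to nothing; braces restore the intent.
  cat >"$cfg" <<EOT
[ req ]
default_bits = 2048
default_keyfile = keyfile.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no
output_password = mypass

[ req_distinguished_name ]
C = $C
ST = $ST
L = $L
O = $O
OU = $ou
CN = $CN
emailAddress = $email

[ req_attributes ]
challengePassword = ${RANDOM}${RANDOM}A challenge password
EOT
}

#
# CA
#
echo; myecho "creating CA key ..."
# umask 0377 inside the subshell creates the new files mode 0400 without
# changing the script's own umask.  The '|| myexit' deliberately sits
# outside the subshell: in the original it was inside, where 'exit' only
# left the subshell and the script carried on with a missing key.
# -rand is a legacy seeding hint kept from the original; NOTE(review):
# whether a missing/unreadable seed file is fatal depends on the OpenSSL
# version, confirm on the target release.
(umask 0377; "$openssl" genrsa -rand "$r/var/log/y2log:$r/var/log/messages" \
  -out "$sslkeydir/${name}ca.key" 2048) || myexit $LINENO $?

write_req_cfg CA

echo; myecho "creating CA request/certificate ..."
(umask 0377; "$openssl" req -config "$cfg" -new -x509 -days "$CAdays" \
  -key "$sslkeydir/${name}ca.key" -out "$sslcrtdir/${name}ca.crt") || myexit $LINENO $?
# Publish the CA certificate in the document root under an upper-cased
# prefix.  -p preserves the 0400 mode set by the umask above; NOTE(review):
# a root-owned 0400 file is not readable by the web server user, confirm
# that this is the intended behaviour.
cp -pv "$sslcrtdir/${name}ca.crt" \
  "$r/srv/www/htdocs/$(printf '%s' "$name" | tr 'a-z' 'A-Z')CA.crt"

#
# Server CERT
#
echo; myecho "creating server key ..."
(umask 0377; "$openssl" genrsa -rand "$r/etc/rc.config:$r/var/log/messages" \
  -out "$sslkeydir/${name}server.key" 2048) || myexit $LINENO $?

write_req_cfg "$U"

echo; myecho "creating server request ..."
(umask 0377; "$openssl" req -config "$cfg" -new -key "$sslkeydir/${name}server.key" \
  -out "$sslcsrdir/${name}server.csr") || myexit $LINENO $?

# Extension config for the signing step: SAN, comment and server cert type.
cat >"$cfg" <<EOT
extensions = x509v3

[ x509v3 ]
subjectAltName = $altName
nsComment = $comment
nsCertType = server
EOT

# Serial file is created once and then advanced by openssl on every signing.
[[ -f "$serial" ]] || echo 01 >"$serial"

myecho "creating server certificate ..."
(umask 0377; "$openssl" x509 \
  -extfile "$cfg" \
  -days "$srvdays" \
  -CAserial "$serial" \
  -CA "$sslcrtdir/${name}ca.crt" \
  -CAkey "$sslkeydir/${name}ca.key" \
  -in "$sslcsrdir/${name}server.csr" -req \
  -out "$sslcrtdir/${name}server.crt") || myexit $LINENO $?
rm -f "$cfg"

echo; myecho "Verify: matching certificate & key modulus"
# Failures are checked outside the command substitution; inside one (as in
# the original backticks) myexit would only have exited the subshell.
modcrt=$("$openssl" x509 -noout -modulus -in "$sslcrtdir/${name}server.crt") || myexit $LINENO $?
modkey=$("$openssl" rsa -noout -modulus -in "$sslkeydir/${name}server.key") || myexit $LINENO $?
# Strip everything up to and including "Modulus=" (same as sed 's;.*Modulus=;;').
modcrt=${modcrt##*Modulus=}
modkey=${modkey##*Modulus=}
if [[ "$modcrt" != "$modkey" ]]; then
  error "gensslcert:Error: Failed to verify modulus on resulting X.509 certificate" 1>&2
  myexit $LINENO 1
fi

echo; myecho "Verify: matching certificate signature"
# One check instead of '|| myexit' followed by a 'if [ $? -ne 0 ]' that
# could never fire (by then $? was already 0).
if ! "$openssl" verify -CAfile "$sslcrtdir/${name}ca.crt" "$sslcrtdir/${name}server.crt"; then
  error "gensslcert:Error: Failed to verify signature on resulting X.509 certificate" 1>&2
  myexit $LINENO 1
fi

echo; myecho "generating dhparams and appending it to the server certificate file..."
# Same openssl binary as everywhere else (the original called a bare
# 'openssl' here, ignoring $ROOT), and checked, so a failed run cannot
# leave a partial DH block appended to the certificate file.
"$openssl" dhparam 2048 >>"$sslcrtdir/${name}server.crt" || myexit $LINENO $?
exit 0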