File generate_modssl_test_certificate of Package apache
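#!/bin/bash
# Peter Poeml poeml@suse.de
#
# Script to generate ssl keys for mod_ssl, without requiring user input
# most of it is copied from mkcert.sh of the mod_ssl distribution
#
# What it does, in order:
#   1. generates an RSA private key          -> $sslkeydir/server.key
#   2. builds a CSR for CN=$FQHOSTNAME       -> $sslcsrdir/server.csr
#   3. signs it with the "snakeoil" CA       -> $sslcrtdir/server.crt
#   4. checks that key and certificate share a modulus and that the
#      certificate verifies against the snakeoil CA certificate.
#
# Inputs:  ROOT (optional path prefix), FQHOSTNAME (not set in this script;
#          presumably provided by $ROOT/etc/rc.config -- confirm).
# Exit:    0 on success, 1 on any failed step.
#
# The signing CA key is read from disk next to the server key, so the
# resulting certificate is a test certificate only (see nsComment below) and
# must be replaced before the server is exposed to real clients.

# Print an error in the script's existing message format and stop.
die() {
  echo "mkcert.sh:Error: $*" 1>&2
  exit 1
}

r=$ROOT
# Sourced as shell code: whoever can write this file controls this script.
. "$r/etc/rc.config"

openssl=$r/usr/bin/openssl
sslcrtdir=$r/etc/httpd/ssl.crt
sslcsrdir=$r/etc/httpd/ssl.csr
sslkeydir=$r/etc/httpd/ssl.key
sslprmdir=$r/etc/httpd/ssl.prm   # kept from the original; not referenced below

cfg=$r/root/.mkcert.cfg
serial=$r/root/.mkcert.serial

# 1024-bit RSA (the previous hard-coded size) is below current minimum
# recommendations; default to 2048 and allow an explicit override.
keybits=${MODSSL_TEST_KEY_BITS:-2048}

# An empty CN would produce a useless certificate; fail early instead.
[ -n "$FQHOSTNAME" ] || die "FQHOSTNAME is not set"

# The request config holds password fields, so make sure it never outlives
# the script, whichever way the script exits.
trap 'rm -f -- "$cfg"' EXIT

# Create the private key and the request config readable by the owner only.
# A stale config from an aborted run is removed first so that the restrictive
# mode applies to a freshly created file.
old_umask=$(umask)
umask 077
rm -f -- "$cfg"

# -rand only adds seed material; both files are readable system files, so
# they contribute no secrecy of their own (presumably OpenSSL's own seeding
# carries the key strength -- confirm for the OpenSSL version in use).
"$openssl" genrsa -rand "$r/etc/rc.config:$r/var/log/messages" \
  -out "$sslkeydir/server.key" "$keybits" \
  || die "Failed to generate RSA private key"

# NOTE(review): "$RANDOMA" below is an unset variable name, so it expands to
# nothing and the value becomes "<RANDOM> challenge password". Left as in the
# original; $RANDOM is a small PRNG value, not a secret-grade source.
# NOTE(review): output_password is a hard-coded value; it looks unused here
# because req is given an existing key via -key -- confirm.
cat >"$cfg" <<EOT
[ req ]
default_bits = $keybits
default_keyfile = keyfile.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no
output_password = mypass

[ req_distinguished_name ]
C = XY
ST = Snake Desert
L = Snake Town
O = Snake Oil, Ltd
OU = Webserver Team
CN = $FQHOSTNAME
emailAddress = root@$FQHOSTNAME

[ req_attributes ]
challengePassword = $RANDOM$RANDOMA challenge password
EOT
umask "$old_umask"

"$openssl" req -config "$cfg" -new \
  -key "$sslkeydir/server.key" \
  -out "$sslcsrdir/server.csr" \
  || die "Failed to generate certificate signing request"
#$openssl req -new -key $sslkeydir/server.key -out $sslcsrdir/server.csr

# Reuse the same (already owner-only) file for the X.509 extension section.
cat >"$cfg" <<EOT
extensions = x509v3
[ x509v3 ]
subjectAltName = email:copy
nsComment = "mod_ssl generated test server certificate"
nsCertType = server
EOT

# The serial file persists between runs so successive certificates issued by
# the same CA get different serial numbers.
test -f "$serial" || echo 01 >"$serial"

"$openssl" x509 \
  -extfile "$cfg" \
  -days 2000 \
  -CAserial "$serial" \
  -CA "$sslcrtdir/snakeoil-ca-rsa.crt" \
  -CAkey "$sslkeydir/snakeoil-ca-rsa.key" \
  -in "$sslcsrdir/server.csr" -req \
  -out "$sslcrtdir/server.crt" \
  || die "Failed to sign X.509 certificate"
rm -f -- "$cfg"

echo "Verify: matching certificate & key modulus"
modcrt=$("$openssl" x509 -noout -modulus -in "$sslcrtdir/server.crt" | sed -e 's;.*Modulus=;;')
modkey=$("$openssl" rsa -noout -modulus -in "$sslkeydir/server.key" | sed -e 's;.*Modulus=;;')
# Two empty strings (both openssl calls failed) must not count as a match.
if [ -z "$modcrt" ] || [ "$modcrt" != "$modkey" ]; then
  die "Failed to verify modulus on resulting X.509 certificate"
fi

echo "Verify: matching certificate signature"
if ! "$openssl" verify -CAfile "$sslcrtdir/snakeoil-ca-rsa.crt" "$sslcrtdir/server.crt"; then
  die "Failed to verify signature on resulting X.509 certificate"
fi

exit 0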