Diffstat (limited to 'trunk/create-ssl-certificate')
-rwxr-xr-xtrunk/create-ssl-certificate74
1 files changed, 74 insertions, 0 deletions
diff --git a/trunk/create-ssl-certificate b/trunk/create-ssl-certificate
new file mode 100755
index 0000000..954f187
--- /dev/null
+++ b/trunk/create-ssl-certificate
@@ -0,0 +1,74 @@
+#!/bin/sh
+# $Id$
+# helper script for creating ssl certificates
+
+while [ $# -gt 0 ]; do
+ case $1 in
+ -g) group=$2; shift 2;;
+ -b) bundle="true"; shift;;
+ *) args=( ${args[@]:-} $1 ); shift;;
+ esac
+done
+
+pkg=${args[0]} # name of the package
+num=${args[1]} # number of packages installed
+srv=${args[2]} # name of the service
+
+if [ -z "$pkg" -o -z "$num" -o -z "$srv" ]; then
+ echo "usage: $0 [-g <group>] [-b] <pkg name> <num installed> <service>" 1>&2
+ exit 1
+fi
+
+if [ ! -f /etc/pki/tls/private/$srv.pem ]; then
+ # default values
+ host=$(hostname)
+ KEY_LENGTH=1024
+ CERT_DAYS=365
+ EMAIL_ADDRESS=root@$host
+ COMMON_NAME=$host
+ ORGANISATIONAL_UNIT_NAME="default $srv cert for $host"
+
+ # source configuration
+ if [ -f /etc/sysconfig/ssl ]; then
+ . /etc/sysconfig/ssl
+ fi
+
+ conffile=/tmp/$$
+ keyfile=/etc/pki/tls/private/$srv.pem
+ if [ "$bundle" == true ]; then
+ certfile=$keyfile
+ else
+ certfile=/etc/pki/tls/certs/$srv.pem
+ fi
+
+ # create a temporary configuration file
+ cat > $conffile <<EOF
+default_bits = $KEY_LENGTH
+encrypt_key = no
+prompt = no
+distinguished_name = req_dn
+req_extensions = req_ext
+
+[ req_dn ]
+commonName = $COMMON_NAME
+organizationalUnitName = $ORGANISATIONAL_UNIT_NAME
+emailAddress = $EMAIL_ADDRESS
+
+[ req_ext ]
+basicConstraints = CA:FALSE
+EOF
+
+ # generate certificates
+ openssl req -new -x509 -days $CERT_DAYS \
+ -config $conffile \
+ -keyout $keyfile \
+ -out $certfile >/dev/null
+
+ # enforce strict perms on key
+ if [ -n "$group" ]; then
+ chmod 640 $keyfile
+ chgrp $group $keyfile
+ else
+ chmod 600 $keyfile
+ fi
+fi
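Review bot: `conffile=/tmp/$$` is a predictable name in a world-writable directory, and `cat > $conffile` will follow a symlink or overwrite a file that another local user has already placed at that path; the script writes under /etc/pki/tls, so it presumably runs as root. Create the file with `conffile=$(mktemp) || exit 1` and add `trap 'rm -f "$conffile"' EXIT`, which also removes the config file that is currently left behind. The key is written by `openssl req` before the `chmod`, so with a permissive umask it may be briefly readable by others; setting `umask 077` before the call closes that window. The `KEY_LENGTH=1024` default is below what is considered adequate for RSA today, so `KEY_LENGTH=2048` is a safer default. The script also uses a bash array (`args=( ... )`) and `==` inside `[` under `#!/bin/sh`, so the shebang should be `#!/bin/bash` or those constructs replaced.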