diff options
Diffstat (limited to 'trunk/create-ssl-certificate')
-rwxr-xr-x | trunk/create-ssl-certificate | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/trunk/create-ssl-certificate b/trunk/create-ssl-certificate new file mode 100755 index 0000000..954f187 --- /dev/null +++ b/trunk/create-ssl-certificate @@ -0,0 +1,74 @@ +#!/bin/sh +# $Id$ +# helper script for creating ssl certificates + +while [ $# -gt 0 ]; do + case $1 in + -g) group=$2; shift 2;; + -b) bundle="true"; shift;; + *) args=( ${args[@]:-} $1 ); shift;; + esac +done + +pkg=${args[0]} # name of the package +num=${args[1]} # number of packages installed +srv=${args[2]} # name of the service + +if [ -z "$pkg" -o -z "$num" -o -z "$srv" ]; then + echo "usage: $0 [-g <group>] [-b] <pkg name> <num installed> <service>" 1>&2 + exit 1 +fi + +if [ ! -f /etc/pki/tls/private/$srv.pem ]; then + # default values + host=$(hostname) + KEY_LENGTH=1024 + CERT_DAYS=365 + EMAIL_ADDRESS=root@$host + COMMON_NAME=$host + ORGANISATIONAL_UNIT_NAME="default $srv cert for $host" + + # source configuration + if [ -f /etc/sysconfig/ssl ]; then + . /etc/sysconfig/ssl + fi + + conffile=/tmp/$$ + keyfile=/etc/pki/tls/private/$srv.pem + if [ "$bundle" == true ]; then + certfile=$keyfile + else + certfile=/etc/pki/tls/certs/$srv.pem + fi + + # create a temporary configuration file + cat > $conffile <<EOF +default_bits = $KEY_LENGTH +encrypt_key = no +prompt = no +distinguished_name = req_dn +req_extensions = req_ext + +[ req_dn ] +commonName = $COMMON_NAME +organizationalUnitName = $ORGANISATIONAL_UNIT_NAME +emailAddress = $EMAIL_ADDRESS + +[ req_ext ] +basicConstraints = CA:FALSE +EOF + + # generate certificates + openssl req -new -x509 -days $CERT_DAYS \ + -config $conffile \ + -keyout $keyfile \ + -out $certfile >/dev/null + + # enforce strict perms on key + if [ -n "$group" ]; then + chmod 640 $keyfile + chgrp $group $keyfile + else + chmod 600 $keyfile + fi +fi |