From 2b475a8e1df791a4f2349c6a47a6893bb6b22d8f Mon Sep 17 00:00:00 2001
From: Guillaume Rousse <guillomovitch@mandriva.org>
Date: Thu, 28 Jun 2007 22:36:29 +0000
Subject: initial import

---
 create-ssl-certificate | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100755 create-ssl-certificate

(limited to 'create-ssl-certificate')

diff --git a/create-ssl-certificate b/create-ssl-certificate
new file mode 100755
index 0000000..595a439
--- /dev/null
+++ b/create-ssl-certificate
@@ -0,0 +1,56 @@
+#!/bin/sh
+# $Id$
+# helper script for creating ssl certificates
+
+if [ $# -lt 3 ]; then
+    echo "usage: $0 <pkg name> <num installed> <service> <bundle> <group>" 1>&2
+    exit 1
+fi
+
+pkg=$1		# name of the package
+num=$2		# number of packages installed
+srv=$3		# name of the service
+bundle=$4	# bundle mode
+group=$5	# group with read access on key
+
+if [ $num = 1 ]; then
+    host=$(hostname)
+    conffile=/tmp/$$
+    keyfile=/etc/pki/tls/private/$pkg.pem
+    if [ "$bundle" == true ]; then
+	certfile=$keyfile
+    else
+	certfile=/etc/pki/tls/certs/$pkg.pem
+    fi
+
+    # create a temporary configuration file
+    cat > $conffile <<EOF
+default_bits            = 1024
+encrypt_key             = no
+prompt                  = no
+distinguished_name      = req_dn
+req_extensions          = req_ext
+
+[ req_dn ] 
+commonName              = $host
+organizationalUnitName  = default $srv cert for $host
+emailAddress            = root@$host
+
+[ req_ext ]
+basicConstraints        = CA:FALSE
+EOF
+    
+    # generate certificates
+    openssl req -new -x509 -days 365 \
+        -config $conffile \
+        -keyout $keyfile \
+        -out $certfile >/dev/null 2>&1
+
+    # enforce strict perms on key
+    if [ -n "$group" ]; then
+	chmod 640 $keyfile
+	chgrp $group $keyfile
+    else
+	chmod 600 $keyfile
+    fi
+fi
-- 
cgit v1.2.1