authorJonas Smedegaard <dr@jones.dk>2005-07-01 11:21:40 +0000
committerJonas Smedegaard <dr@jones.dk>2005-07-01 11:21:40 +0000
commite50c764d7d11deb754b07fd69473393778526ef4 (patch)
tree19bf3a09ff0ef592e1dae923c1a18efff901a8b9 /localmksslcerts
parent03b3c816ae20227748e0e506a4e927b036fb96ba (diff)
Fix force-creating host cert. Improved error handling.
Diffstat (limited to 'localmksslcerts')
-rwxr-xr-xlocalmksslcerts55
1 files changed, 29 insertions, 26 deletions
diff --git a/localmksslcerts b/localmksslcerts
index fe17a78..15fa798 100755
--- a/localmksslcerts
+++ b/localmksslcerts
@@ -3,7 +3,7 @@
# /usr/local/sbin/localmksslcerts
# Copyright 2001-2004 Jonas Smedegaard <dr@jones.dk>
#
-# $Id: localmksslcerts,v 1.15 2004-12-28 22:06:51 jonas Exp $
+# $Id: localmksslcerts,v 1.16 2005-07-01 11:21:40 jonas Exp $
#
# Generate certificates for mail (and other) servers
# Based on uw-imapd-ssl post-install script
@@ -119,34 +119,13 @@ for val in cn state loc; do
done
if [ -n "$cert" ]; then
- if [ ! -f /etc/ssl/certs/$fqdn.pem ] || [ ! -f /etc/ssl/private/$fqdn.pem ]; then
+ if [ ! -s /etc/ssl/certs/$fqdn.pem ] || [ ! -s /etc/ssl/private/$fqdn.pem ]; then
+ echo "WARNING: Host certificate for \"$fqdn\" missing..."
if [ -z "$cacert" ]; then
- echo "ERROR: Host certificate for \"$fqdn\" missing!"
+ echo "ERROR: The \"--cacert\" option is required when making a host certificate!"
exit 1
fi
- if [ ! -r /etc/ssl/certs/$cacert.pem ] || [ ! -r /etc/ssl/private/$cacert.pem ]; then
- if [ -n "$makeca" ]; then
- # Generate private key for CA certificate
- cd /etc/ssl/private
-#FIXME: Make strength configurable
- openssl genrsa -des3 -out $cacert.pem 1024
- chown root:root $cacert.pem
- chmod 0400 $cacert.pem
- # Generate and pre-fill certification request
- cd /etc/ssl/certs
-#FIXME: Make validity configurable
- openssl req -new \
- -key /etc/ssl/private/$cacert.pem \
- -x509 -days 1095 \
- -out $cacert.pem
- # Add hash to certified public certificate and cleanup
- ln -sf $cacert.pem `openssl x509 -noout -hash -in $cacert.pem`.0
- else
- echo "ERROR: CAcert (certifying authority certificate) missing!"
- exit 1
- fi
- fi
- echo "Generating host certificate for \"$fqdn\"..."
+ # Cleaning up - if allowed
for file in /etc/ssl/private/$fqdn.pem /etc/ssl/certs/$fqdn.csr /etc/ssl/certs/$fqdn.pem; do
if [ -e $file ]; then
if [ -n "$force" ]; then
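Review bot: `$fqdn` is expanded unquoted in the new `[ ! -s /etc/ssl/certs/$fqdn.pem ] || [ ! -s /etc/ssl/private/$fqdn.pem ]` test and in the cleanup loop's `for file in …` / `[ -e $file ]`, so a value containing whitespace or glob characters makes `[` fail with a usage error or test a different path than the one written later. Where `fqdn` is assigned is outside this hunk, so I cannot tell whether it is validated, but quoting is cheap either way: `if [ ! -s "/etc/ssl/certs/$fqdn.pem" ] || [ ! -s "/etc/ssl/private/$fqdn.pem" ]; then` and `[ -e "$file" ]`. The new WARNING and ERROR messages also go to stdout; adding `>&2` to those `echo` lines would keep diagnostics out of any captured output. The body of the cleanup loop continues past the end of this hunk.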
@@ -157,6 +136,30 @@ if [ -n "$cert" ]; then
fi
fi
done
+ if [ ! -s /etc/ssl/certs/$cacert.pem ] || [ ! -s /etc/ssl/private/$cacert.pem ]; then
+ echo "WARNING: CAcert (certifying authority certificate) missing..."
+ if [ -z "$makeca" ]; then
+ echo "ERROR: The \"--makeca\" option is required when making a CAcert!"
+ exit 1
+ fi
+ # Generate private key for CA certificate
+ echo "Generating CAcert \"$cacert\"..."
+ cd /etc/ssl/private
+#FIXME: Make strength configurable
+ openssl genrsa -des3 -out $cacert.pem 1024
+ chown root:root $cacert.pem
+ chmod 0400 $cacert.pem
+ # Generate and pre-fill certification request
+ cd /etc/ssl/certs
+#FIXME: Make validity configurable
+ openssl req -new \
+ -key /etc/ssl/private/$cacert.pem \
+ -x509 -days 1095 \
+ -out $cacert.pem
+ # Add hash to certified public certificate and cleanup
+ ln -sf $cacert.pem `openssl x509 -noout -hash -in $cacert.pem`.0
+ fi
+ echo "Generating host certificate for \"$fqdn\"..."
# Generate private key for host certificate
cd /etc/ssl/private
openssl genrsa -out $fqdn.pem
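Review bot: The CA private key is written by `openssl genrsa -des3 -out $cacert.pem 1024` before the `chown`/`chmod 0400` lines run, so depending on the umask in effect the passphrase-protected key file may briefly be readable by other local users, and 1024-bit RSA is too short for a CA certificate issued for 1095 days. None of the `cd` or `openssl` calls in the added block is checked, so a failed `cd /etc/ssl/private` would leave the key in the current directory and a failed `genrsa` would still fall through to `openssl req`, unless the script enables `set -e` outside this hunk. I would write `cd /etc/ssl/private || exit 1` and `( umask 077; openssl genrsa -des3 -out "$cacert.pem" 2048 ) || exit 1`, and resolve the existing `#FIXME: Make strength configurable` by taking the key size from an option. The enclosing `if [ -n "$cert" ]` block starts and ends outside the hunk.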