From eed72e3f3d8cedd92ea3d888f2ba9a2c24ed70a8 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Thu, 20 Oct 2005 17:13:25 +0000
Subject: Generate CSR for external CA as documented at http://wiki.cacert.org/ .
---
 localmksslcerts | 36 ++++++++++++++++++++++++++++--------
 1 file changed, 28 insertions(+), 8 deletions(-)
(limited to 'localmksslcerts')
diff --git a/localmksslcerts b/localmksslcerts
index 742a04a..15bc78c 100755
--- a/localmksslcerts
+++ b/localmksslcerts
@@ -3,7 +3,7 @@
 # /usr/local/sbin/localmksslcerts
 # Copyright 2001-2005 Jonas Smedegaard
 #
-# $Id: localmksslcerts,v 1.21 2005-10-19 19:07:19 jonas Exp $
+# $Id: localmksslcerts,v 1.22 2005-10-20 17:13:25 jonas Exp $
 #
 # Generate certificates for mail (and other) servers
 # Based on uw-imapd-ssl post-install script
@@ -69,7 +69,29 @@ $issuer
 mkcerthash "$base"
 }
-mkkey() {
+mkcertreq() {
+ base="$1"
+ domain="$2"
+ keypath="$SSLKEYDIR/$base.pem"
+ reqpath="$SSLCERTDIR/$base.csr"
+ openssl req -nodes -new \
+ -keyout "$keypath" \
+ -out "$reqpath" > /dev/null 2>&1 <<+
+$cn
+$state
+$loc
+$org
+$ou
+$domain
+$issuer
+.
+.
++
+ chown root:root "$reqpath"
+ chmod 0640 "$reqpath"
+}
+
+mkselfkey() {
 filebase="$1"
 keypath="$SSLKEYDIR/$filebase.pem"
 openssl genrsa \
@@ -78,7 +100,7 @@ mkkey() {
 chmod 0600 "$keypath"
 }
-mkcertreq() {
+mkselfcertreq() {
 base="$1"
 domain="$2"
 keypath="$SSLKEYDIR/$base.pem"
@@ -279,9 +301,7 @@ case "$certtype" in
 ;;
 ca)
 if [ ! -f "$SSLCERTDIR/$fqdn.pem" ] || [ -n "$force" ]; then
- echo "Generating host key for \"$fqdn\"..."
- mkkey "$fqdn"
- echo "Generating certificate request for \"$fqdn\"..."
+ echo "Generating host key and certificate request for \"$fqdn\"..."
 mkcertreq "$fqdn" "$fqdn"
 echo "Certificate request generated: $SSLCERTDIR/$fqdn.csr!"
 echo
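Review bot: In the new mkcertreq (hunk -69,7 +69,29), `openssl req -nodes` writes the unencrypted private key to `$keypath`, but the function only sets owner and mode on the CSR, so the key's permissions are left to the process umask and whatever mode the installed OpenSSL applies. The old mkkey, whose tail is visible as context in the next hunk, ended with `chmod 0600 "$keypath"`; that protection is lost on the external-CA path, while the CSR that does get the chmod is not secret material. Suggest adding `chown root:root "$keypath"` and `chmod 0600 "$keypath"` after the openssl call, and preferably running the generation under `umask 077` so the key is never readable by others even briefly.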
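Review bot: In the `ca)` branch (hunk -279,9 +301,7), "Certificate request generated" is printed regardless of whether openssl succeeded, because mkcertreq sends openssl's output and errors to /dev/null and returns the status of its final chmod. When a CSR from an earlier run is still present and `$force` is set, a failed regeneration would therefore appear successful and leave the old request in place, possibly next to a new or truncated key. Suggest appending `|| return 1` to the openssl call in mkcertreq and calling it here as `mkcertreq "$fqdn" "$fqdn" || exit 1`. Whether the script runs under `set -e` is not visible in this patch, and the case branch starts and ends outside the hunk.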
@@ -331,9 +351,9 @@ case "$certtype" in
 mkcacert "$cacert"
 fi
 echo "Generating host key for \"$fqdn\"..."
- mkkey "$fqdn"
+ mkselfkey "$fqdn"
 echo "Generating host certificate for \"$fqdn\"..."
- mkcertreq "$fqdn" "$fqdn"
+ mkselfcertreq "$fqdn" "$fqdn"
 mkselfcacert "$fqdn" "$fqdn" "$cacert"
 rm "$SSLCERTDIR/$fqdn.csr"
 ;;
--
cgit v1.2.3