author | Nicolás Reynolds <fauno@kiwwwi.com.ar> | 2010-10-24 05:39:23 -0300 |
---|---|---|
committer | Nicolás Reynolds <fauno@kiwwwi.com.ar> | 2010-10-24 05:39:23 -0300 |
commit | 09d545a26b51c8eea72d2949f06cc70cc42a74eb (patch) | |
tree | cadd20e6fb86ec9dc311f635a5884b7d3fb3c3b5 | |
parent | 29cb588ab383ea95b534d1e1d31ad39734ac6edd (diff) |
Added error checking and logging to certificate generation
-rwxr-xr-x | bin/generate_self_signed_cert | 53 |
1 files changed, 44 insertions, 9 deletions
diff --git a/bin/generate_self_signed_cert b/bin/generate_self_signed_cert
index bfd3f0c..0aea6f8 100755
--- a/bin/generate_self_signed_cert
+++ b/bin/generate_self_signed_cert
@@ -20,25 +20,46 @@
 ssl_dir=/etc/ssl
 ssl_key_dir=${ssl_dir}/private
 ssl_crt_dir=${ssl_dir}/certs
+log_file=/tmp/certificate_$$.log
+
 # Hostname should be already set
 hostname=`hostname`
 echo ":: Generating a private key. The generated file *must not be shared* with anyone. It's private."
 openssl genrsa -des3 \
- -out ${ssl_dir}/${hostname}.key 1024 || exit 1
+ -out ${ssl_dir}/${hostname}.key 1024 2>> ${log_file} || {
+ echo " [FAILED]"
+ exit 1
+}
+# TODO Can this be autofilled?
 echo ":: Generating a Certificate Signing Request.
- This can be signed by you or by a Certificate Authority."
+ This can be signed by you or by a Certificate Authority.
+ Most important thing to complete here is the Common Name,
+ that is, the full hostname of your machine as will be
+ accesed from internet (ie. yoursocialmachine.sometld).
+
+ In short, you have to type the hostname you already configured
+ and leave the challenge password empty. Go ahead!"
 openssl req -new \
 -key ${ssl_dir}/${hostname}.key \
- -out ${ssl_dir}/${hostname}.csr || exit 2
+ -out ${ssl_dir}/${hostname}.csr || {
+ echo " [FAILED]"
+ exit 2
+}
-cp ${ssl_dir}/${hostname}.key{,.encrypted} || exit 3
+cp ${ssl_dir}/${hostname}.key{,.encrypted} >> ${log_file} 2>&1 || {
+ echo " [FAILED]"
+ exit 3
+}
 echo ":: Decrypting the private key..."
 openssl rsa -in ${ssl_dir}/${hostname}.key.encrypted \
- -out ${ssl_key_dir}/${hostname}.key || exit 4
+ -out ${ssl_key_dir}/${hostname}.key >> ${log_file} 2>&1 || {
+ echo " [FAILED]"
+ exit 4
+}
 echo ":: Signing the Certificate Signing Request. This step will generate your self-signed certificate to use on secure connections."
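Review bot: `log_file=/tmp/certificate_$$.log` is a predictable name in a world-writable directory, and every later step opens it with `>>`, which happily appends to a file or symlink another local user placed there beforehand; since the script writes under /etc/ssl it presumably runs as root, so that append lands wherever such a link points. Create the log with `log_file=$(mktemp /tmp/certificate_XXXXXX) || exit 1` instead of composing the name from the PID. The ` [FAILED]` messages never mention the log, so the operator is not told where the openssl output went; `echo " [FAILED] (see ${log_file})"` in each branch would fix that. The genrsa and req steps are interactive (passphrase and CSR prompts), which explains why only stderr, or nothing, is redirected there; a short comment saying so would keep a later maintainer from "fixing" it.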
@@ -46,10 +67,24 @@ openssl x509 -req \
 -days 365 \
 -in ${ssl_dir}/${hostname}.csr \
 -signkey ${ssl_key_dir}/${hostname}.key \
- -out ${ssl_crt_dir}/${hostname}.crt || exit 5
+ -out ${ssl_crt_dir}/${hostname}.crt >> ${log_file} 2>&1 || {
+ echo " [FAILED]"
+ exit 5
+}
+
+echo ":: Installing private key and certificate into local directories..."
+ln -s ${ssl_key_dir}/${hostname}.key ${ssl_key_dir}/local.key >> ${log_file} 2>&1 || {
+ echo " [FAILED]"
+ exit 6
+}
+
+ln -s ${ssl_crt_dir}/${hostname}.crt ${ssl_crt_dir}/local.crt >> ${log_file} 2>&1 || {
+ echo " [FAILED]"
+ exit 7
+}
-echo ":: Installing private key and certificate into local directories."
-ln -s ${ssl_key_dir}/${hostname}.key ${ssl_key_dir}/local.key || exit 6
-ln -s ${ssl_crt_dir}/${hostname}.crt ${ssl_crt_dir}/local.crt || exit 7
+chmod 400 ${ssl_key_dir}/${hostname}.key
+chmod 444 ${ssl_crt_dir}/${hostname}.crt
+echo ":: Everything went fine!"
 exit 0 |
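Review bot: The two `chmod` lines near the end of the hunk are the only steps in the script without a failure branch, so a failed `chmod 400` on the private key still prints `:: Everything went fine!` and exits 0; give them the same treatment as the other steps, `chmod 400 ${ssl_key_dir}/${hostname}.key || { echo " [FAILED]"; exit 8; }` and `chmod 444 ${ssl_crt_dir}/${hostname}.crt || { echo " [FAILED]"; exit 9; }`. The tightening also comes last, after the decrypted key has been written by `openssl rsa -out` and linked as local.key, so whatever mode openssl created it with applies in the meantime; a `umask 077` before that step, or moving the chmod directly after it, closes that window without depending on openssl's defaults. Only the decrypted key gets 400 while `${ssl_dir}/${hostname}.key` and its `.encrypted` copy, written earlier in the script, keep their creation mode; they are passphrase-protected so the risk is lower, but a comment stating that this is intentional would help.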