author | Nicolás Reynolds <fauno@kiwwwi.com.ar> | 2010-10-24 04:44:58 -0300 |
---|---|---|
committer | Nicolás Reynolds <fauno@kiwwwi.com.ar> | 2010-10-24 04:44:58 -0300 |
commit | b37d61848e087e392fd3b3b52044fe1832c07c1f (patch) | |
tree | bf8f4c43357d2cb4c1b081e445824bab2b10bbbf | |
parent | ac73c60baa0cc108b29b2a2e87407a0439c340c3 (diff) |
Added script for generating self-signed certificates
-rw-r--r-- | README | 8 |
-rwxr-xr-x | bin/generate_self_signed_cert | 55 |
2 files changed, 62 insertions, 1 deletions
@@ -9,7 +9,7 @@ * Follow their instructions === Next -* Configure hostname +* Configure hostname => Use valid domain / free network * GPG autoconfiguration - Generate GPG key pairs or install one - {root,main_user}@hostname @@ -19,6 +19,8 @@ (get one from CACert.org) (http://ur1.ca/23a34 solves this, we should apply it to SimpleID) - Generate crontab for remembering to re-create + - Key is located at and linked to /etc/ssl/private/{$hostname,local}.key + - Cert is located at and linked to /etc/ssl/certs/{$hostname,local}.crt * OpenLDAP - Configure domain - Configure address book @@ -33,3 +35,7 @@ Use this category to write down ideas and documentation: http://wiki.parabolagnulinux.org/Category:Parabola_GNU/Social + +== Software to check +* Varnish http://www.varnish-cache.org/ + HTTP Accelerator, for caching web diff --git a/bin/generate_self_signed_cert b/bin/generate_self_signed_cert new file mode 100755 index 0000000..bfd3f0c --- /dev/null +++ b/bin/generate_self_signed_cert @@ -0,0 +1,55 @@ +#!/bin/bash +# = Parabola Social +# Generates a self-signed certificate and installs it. +# 
From: http://www.akadia.com/services/ssh_test_certificate.html + +# This script is released in the Public Domain. + +# Exit status: +# 0 - Everything OK +# 1 - Private key generation failed +# 2 - CSR generation failed +# 3 - Copying the encrypted key failed +# 4 - Private key decryption failed +# 5 - CSR signing failed +# 6 - Linking local key failed +# 7 - Linking local certificate failed + +# Standard Arch's SSL directories +ssl_dir=/etc/ssl +ssl_key_dir=${ssl_dir}/private +ssl_crt_dir=${ssl_dir}/certs + +# Hostname should be already set +hostname=`hostname` + +echo ":: Generating a private key. + The generated file *must not be shared* with anyone. It's private." +openssl genrsa -des3 \ + -out ${ssl_dir}/${hostname}.key 1024 || exit 1 + +echo ":: Generating a Certificate Signing Request. + This can be signed by you or by a Certificate Authority." +openssl req -new \ + -key ${ssl_dir}/${hostname}.key \ + -out ${ssl_dir}/${hostname}.csr || exit 2 + +cp ${ssl_dir}/${hostname}.key{,.encrypted} || exit 3 + +echo ":: Decrypting the private key..." +openssl rsa -in ${ssl_dir}/${hostname}.key.encrypted \ + -out ${ssl_key_dir}/${hostname}.key || exit 4 + +echo ":: Signing the Certificate Signing Request. + This step will generate your self-signed certificate to use on secure connections." +openssl x509 -req \ + -days 365 \ + -in ${ssl_dir}/${hostname}.csr \ + -signkey ${ssl_key_dir}/${hostname}.key \ + -out ${ssl_crt_dir}/${hostname}.crt || exit 5 + +echo ":: Installing private key and certificate into local directories." +ln -s ${ssl_key_dir}/${hostname}.key ${ssl_key_dir}/local.key || exit 6 +ln -s ${ssl_crt_dir}/${hostname}.crt ${ssl_crt_dir}/local.crt || exit 7 + +exit 0 |
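Review bot: the README hunks carry changes that the commit message does not cover. The "Configure hostname => Use valid domain / free network" edit and the new "== Software to check" section with Varnish are unrelated to certificate generation and would be easier to review and revert as a separate commit. The two added lines that do belong here ("Key is located at and linked to ..." and "Cert is located at and linked to ...") should name bin/generate_self_signed_cert as the tool that creates those files and links.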
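Review bot: the `openssl genrsa -des3 ... 1024` call in bin/generate_self_signed_cert creates a 1024-bit RSA key, which is too small for a certificate that the later `-days 365` keeps in service for a year; ask for at least 2048 bits. The script also sets no umask and runs no chmod, so the mode of the decrypted `${ssl_key_dir}/${hostname}.key` is left to the caller's umask and openssl's defaults, and the intermediate `${ssl_dir}/${hostname}.key`, `.key.encrypted` (an identical copy) and `.csr` are never cleaned up; set `umask 077` near the top and remove the intermediates after signing. The two `ln -s` calls lack `-f`, so a second run exits 6 because `local.key` already exists, which conflicts with the re-creation the README plans for. The `${hostname}` expansions are unquoted throughout and should be quoted.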