From b37d61848e087e392fd3b3b52044fe1832c07c1f Mon Sep 17 00:00:00 2001 From: Nicolás Reynolds Date: Sun, 24 Oct 2010 04:44:58 -0300 Subject: Added script for generating self-signed certificates --- README | 8 ++++++- bin/generate_self_signed_cert | 55 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+), 1 deletion(-) create mode 100755 bin/generate_self_signed_cert diff --git a/README b/README index 17647a6..31928a7 100644 --- a/README +++ b/README @@ -9,7 +9,7 @@ * Follow their instructions === Next -* Configure hostname +* Configure hostname => Use valid domain / free network * GPG autoconfiguration - Generate GPG key pairs or install one - {root,main_user}@hostname @@ -19,6 +19,8 @@ (get one from CACert.org) (http://ur1.ca/23a34 solves this, we should apply it to SimpleID) - Generate crontab for remembering to re-create + - Key is located at and linked to /etc/ssl/private/{$hostname,local}.key + - Cert is located at and linked to /etc/ssl/certs/{$hostname,local}.crt * OpenLDAP - Configure domain - Configure address book @@ -33,3 +35,7 @@ Use this category to write down ideas and documentation: http://wiki.parabolagnulinux.org/Category:Parabola_GNU/Social + +== Software to check +* Varnish http://www.varnish-cache.org/ + HTTP Accelerator, for caching web diff --git a/bin/generate_self_signed_cert b/bin/generate_self_signed_cert new file mode 100755 index 0000000..bfd3f0c --- /dev/null +++ b/bin/generate_self_signed_cert @@ -0,0 +1,55 @@ +#!/bin/bash +# = Parabola Social +# Generates a self-signed certificate and installs it. +# 
From: http://www.akadia.com/services/ssh_test_certificate.html
+
+# This script is released in the Public Domain.
+
+# Exit status:
+# 0 - Everything OK
+# 1 - Private key generation failed
+# 2 - CSR generation failed
+# 3 - Copying the encrypted key failed
+# 4 - Private key decryption failed
+# 5 - CSR signing failed
+# 6 - Linking local key failed
+# 7 - Linking local certificate failed
+
+# Standard Arch's SSL directories
+ssl_dir=/etc/ssl
+ssl_key_dir=${ssl_dir}/private
+ssl_crt_dir=${ssl_dir}/certs
+
+# Hostname should be already set
+hostname=`hostname`
+
+echo ":: Generating a private key.
+ The generated file *must not be shared* with anyone. It's private."
+openssl genrsa -des3 \
+ -out ${ssl_dir}/${hostname}.key 1024 || exit 1
+
+echo ":: Generating a Certificate Signing Request.
+ This can be signed by you or by a Certificate Authority."
+openssl req -new \
+ -key ${ssl_dir}/${hostname}.key \
+ -out ${ssl_dir}/${hostname}.csr || exit 2
+
+cp ${ssl_dir}/${hostname}.key{,.encrypted} || exit 3
+
+echo ":: Decrypting the private key..."
+openssl rsa -in ${ssl_dir}/${hostname}.key.encrypted \
+ -out ${ssl_key_dir}/${hostname}.key || exit 4
+
+echo ":: Signing the Certificate Signing Request.
+ This step will generate your self-signed certificate to use on secure connections."
+openssl x509 -req \
+ -days 365 \
+ -in ${ssl_dir}/${hostname}.csr \
+ -signkey ${ssl_key_dir}/${hostname}.key \
+ -out ${ssl_crt_dir}/${hostname}.crt || exit 5
+
+echo ":: Installing private key and certificate into local directories."
+ln -s ${ssl_key_dir}/${hostname}.key ${ssl_key_dir}/local.key || exit 6
+ln -s ${ssl_crt_dir}/${hostname}.crt ${ssl_crt_dir}/local.crt || exit 7
+
+exit 0
-- 
cgit v1.2.3-54-g00ecf
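Review bot: The private key is generated at 1024 bits, which is below what current guidance accepts for RSA, and the decrypted copy is written to `${ssl_key_dir}/${hostname}.key` under whatever umask the caller happens to have, so the script itself never ensures that the passphrase-less key is unreadable to other users. I would set `umask 077` before the first `openssl` call and ask for a larger modulus, `openssl genrsa -des3 -out "${ssl_dir}/${hostname}.key" 2048 || exit 1`. The encrypted key, its `.key.encrypted` copy and the CSR are also left behind in `${ssl_dir}` (typically a world-readable directory) after the run; removing them once the certificate is signed, or creating them under a `mktemp -d` directory, would keep key material in `${ssl_key_dir}` only. The expansions are unquoted throughout, and `ln -s` will exit with status 6 on a second run once `local.key` exists, which matters because the README expects the certificate to be re-created; `ln -sf` with quoted paths would make the script re-runnable.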