diff options
author | Eric Hameleers <alien@slackware.com> | 2006-03-04 00:58:59 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2006-03-04 00:58:59 +0000 |
commit | bdc1e48ca52bd959b27b30e03169c3a860330963 (patch) | |
tree | 68d872802932e309d0c52169ec7d38678e8fdbf2 /partimage/build/makecertificate.sh | |
parent | a20cc40fd85abd465ae19bb17a12b15ae79769a9 (diff) | |
download | asb-bdc1e48ca52bd959b27b30e03169c3a860330963.tar.gz asb-bdc1e48ca52bd959b27b30e03169c3a860330963.tar.xz |
Initial revision
Diffstat (limited to 'partimage/build/makecertificate.sh')
-rw-r--r-- | partimage/build/makecertificate.sh | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/partimage/build/makecertificate.sh b/partimage/build/makecertificate.sh new file mode 100644 index 00000000..8dcb99db --- /dev/null +++ b/partimage/build/makecertificate.sh @@ -0,0 +1,41 @@ +#!/bin/sh + +# +# This script creates the certificate that partimaged needs for SSL-encrypted +# client connections. +# The script will ask a few questions for which the default answer would +# suffice, but you may enter whatever you like better. +# The script will also ask for a passphrase to protect the partimaged key with. +# Do not choose a passphrase that is too short (less than 6 characters)! +# + +opensslpath="/usr/bin/openssl" +partconfdir="/etc/partimaged" +partuser=partimag + +# Create certificate for SSL connections +if test -x ${opensslpath} ; then + if test ! -f ${partconfdir}/partimaged.cert ; then + echo "generating certificate for partimage/partimaged ssl:" + mkdir -p ${partconfdir} >/dev/null + touch ${partconfdir}/privkey.pem + rm -f ${partconfdir}/privkey.pem + ${opensslpath} req -new -x509 -outform PEM \ + -keyout ${partconfdir}/privkey.pem > ${partconfdir}/partimaged.csr + ${opensslpath} rsa -in ${partconfdir}/privkey.pem \ + -out ${partconfdir}/partimaged.key + rm -f ${partconfdir}/privkey.pem + ${opensslpath} x509 -in ${partconfdir}/partimaged.csr -out \ + ${partconfdir}/partimaged.cert -signkey ${partconfdir}/partimaged.key + rm ${partconfdir}/partimaged.csr + chmod 600 ${partconfdir}/partimaged.key + chmod 600 ${partconfdir}/partimaged.cert + chown ${partuser}:root ${partconfdir}/partimaged.key + chown ${partuser}:root ${partconfdir}/partimaged.cert + else + echo "Found existing certificate; no new certificate will be generated." + fi +else + echo "SSL support not found; no certificate can be generated." +fi + |