10
10
db_settitle make-ssl-cert/title
12
templates="countryname statename localityname organisationname ouname hostname email"
14
for i in $templates; do
16
while [ "x$RET" = "x" ]; do
17
db_fset make-ssl-cert/$i seen false
18
db_input high make-ssl-cert/$i || true
20
db_get make-ssl-cert/$i
24
db_get make-ssl-cert/countryname
26
db_fset make-ssl-cert/countryname seen false
28
db_get make-ssl-cert/statename
30
db_fset make-ssl-cert/statename seen false
32
db_get make-ssl-cert/localityname
34
db_fset make-ssl-cert/localityname seen false
36
db_get make-ssl-cert/organisationname
37
OrganisationName="$RET"
38
db_fset make-ssl-cert/organisationname seen false
40
db_get make-ssl-cert/ouname
42
db_fset make-ssl-cert/ouname seen false
44
db_get make-ssl-cert/hostname
46
db_fset make-ssl-cert/hostname seen false
48
db_get make-ssl-cert/email
50
db_fset make-ssl-cert/email seen false
13
while [ "x$RET" = "x" ]; do
14
db_fset make-ssl-cert/hostname seen false
15
db_input high make-ssl-cert/hostname || true
17
db_get make-ssl-cert/hostname
20
db_get make-ssl-cert/hostname
22
db_fset make-ssl-cert/hostname seen false
55
StateName="There is no such thing outside US"
56
LocalityName="Everywhere"
57
OrganisationName="OCOSA"
58
OUName="Office for Complication of Otherwise Simple Affairs"
59
HostName="$(hostname -f || hostname)"
60
Email="root@$HostName"
26
if ! HostName="$(hostname -f)" ; then
27
HostName="$(hostname)"
28
echo make-ssl-cert: Could not get FQDN, using \"$HostName\".
29
echo make-ssl-cert: You may want to fix your /etc/hosts and/or DNS setup and run
30
echo make-ssl-cert: 'make-ssl-cert generate-default-snakeoil --force-overwrite'
31
echo make-ssl-cert: again.
63
35
create_temporary_cnf() {
64
sed -e s#@CountryName@#"$CountryName"# \
65
-e s#@StateName@#"$StateName"# \
66
-e s#@LocalityName@#"$LocalityName"# \
67
-e s#@OrganisationName@#"$OrganisationName"# \
68
-e s#@OUName@#"$OUName"# \
69
-e s#@HostName@#"$HostName"# \
70
-e s#@Email@#"$Email"# \
36
sed -e s#@HostName@#"$HostName"# $template > $TMPFILE
74
39
# Takes two arguments, the base layout and the output cert.
113
78
# create the certiface.
115
export RANDFILE=/dev/random
117
80
if [ "$1" != "generate-default-snakeoil" ]; then
118
openssl req -config $TMPFILE -new -x509 -nodes -out $output -keyout $output > /dev/null 2>&1
81
openssl req -config $TMPFILE -new -x509 -days 3650 -nodes -out $output -keyout $output > /dev/null 2>&1
121
84
cd $(dirname $output)
122
ln -sf $(basename $output) $(openssl x509 -hash -noout -in $output)
85
ln -sf $(basename $output) $(openssl x509 -hash -noout -in $(basename $output))
124
openssl req -config $TMPFILE -new -x509 -nodes \
87
openssl req -config $TMPFILE -new -x509 -days 3650 -nodes \
125
88
-out /etc/ssl/certs/ssl-cert-snakeoil.pem \
126
89
-keyout /etc/ssl/private/ssl-cert-snakeoil.key > /dev/null 2>&1
127
90
chmod 644 /etc/ssl/certs/ssl-cert-snakeoil.pem