projects
/
apache2-cn.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Dodana preporuka za mod-security-cn, azuriran changelog.
[apache2-cn.git]
/
carnet-generate-ssl
diff --git
a/carnet-generate-ssl
b/carnet-generate-ssl
index
34af61f
..
7f618ba
100755
(executable)
--- a/
carnet-generate-ssl
+++ b/
carnet-generate-ssl
@@
-45,7
+45,7
@@
cd /etc/ssl
#
if [ ! -f ${sslkey}/apache2-ca.key ]; then
#
if [ ! -f ${sslkey}/apache2-ca.key ]; then
- openssl genrsa -out ${sslkey}/apache2-ca.key 1024
+ (umask 077; openssl genrsa -out ${sslkey}/apache2-ca.key 1024)
KEYS="${KEYS}
- ${sslkey}/apache2-ca.key"
fi
KEYS="${KEYS}
- ${sslkey}/apache2-ca.key"
fi
@@
-105,7
+105,7
@@
ln -sf apache2-ca.pem $(openssl x509 -hash -noout -in apache2-ca.pem)
# Generate server certificate
#
# Generate server certificate
#
-openssl genrsa -out ${sslkey}/apache2.key 1024
+(umask 077; openssl genrsa -out ${sslkey}/apache2.key 1024)
echo 01 > "$TMPFILE2"
sed "s/HOST/$FQDN/g; s/DOMAIN/$DOMAIN/g; s/WEBMASTER/$WEBMASTER/g" \
echo 01 > "$TMPFILE2"
sed "s/HOST/$FQDN/g; s/DOMAIN/$DOMAIN/g; s/WEBMASTER/$WEBMASTER/g" \
@@
-134,10
+134,9
@@
cd ${sslcrt}
ln -sf apache2.pem $(openssl x509 -hash -noout -in apache2.pem)
ln -sf apache2.pem $(openssl x509 -hash -noout -in apache2.pem)
-# Fix file access permissions and group ownership.
+# Fix file access permissions.
#
#
-chgrp www-data ${sslkey}/apache2-ca.key ${sslkey}/apache2-ca.csr ${sslkey}/apache2.key ${sslkey}/apache2.csr
-chmod 640 ${sslkey}/apache2-ca.key ${sslkey}/apache2-ca.csr ${sslkey}/apache2.key ${sslkey}/apache2.csr
+chmod 600 ${sslkey}/apache2-ca.key ${sslkey}/apache2.key
# Cleanup
# Cleanup