Fix for ticket #3329, carnet-generate-ssl script.
Small changes in debian/config.
-TMPFILE=`tempfile -d /var/tmp -p apache2-cn`
-TMPFILE2=`tempfile -d /var/tmp -p apache2-cn`
+if [ -z "$4" ]; then
+ echo "Usage: $0 <confdir> <fqdn> <email> <org>"
+ echo
+ echo " confdir is ignored"
+ echo " fqdn is the fully qualified name of the web server"
+ echo " email address that will appear in the certificate"
+ echo " org is the organization name"
+ exit 2
+fi
-trap "rm -f $TMPFILE $TMPFILE2" 1 2 15;
+# Get/set all parameters.
+#
CONFDIR="$1"
FQDN="$2"
WEBMASTER="$3"
CONFDIR="$1"
FQDN="$2"
WEBMASTER="$3"
sslcrt=/etc/ssl/certs
sslkey=/etc/ssl/private
A2CNDIR=$(dirname $0)
sslcrt=/etc/ssl/certs
sslkey=/etc/ssl/private
A2CNDIR=$(dirname $0)
-if [ -z "$4" ]; then
- echo "Usage: $0 <confdir> <fqdn> <email> <org>"
- echo
- echo " confdir is ignored"
- echo " fqdn is the fully qualified name of the web server"
- echo " email address that will appear in the certificate"
- echo " org is the organization name"
- exit 2
-fi
-# XXX validate the arguments
+# Create temporary files.
+#
+TMPFILE=`tempfile -d /var/tmp -p apache2-cn`
+TMPFILE2=`tempfile -d /var/tmp -p apache2-cn`
+
+
+# Set trap for deleting all temp files.
+#
+trap "rm -f $TMPFILE $TMPFILE2" 1 2 15;
+
export RANDFILE=/dev/urandom
cd /etc/ssl
export RANDFILE=/dev/urandom
cd /etc/ssl
if [ ! -f ${sslkey}/ca.key ]; then
if [ ! -f ${sslkey}/ca.key ]; then
-# CA
-openssl genrsa -out $sslkey/ca.key 1024
-cat <<EOF > $TMPFILE
+
+ openssl genrsa -out ${sslkey}/ca.key 1024
+ KEYS="${KEYS}
+ - ${sslkey}/ca.key"
+fi
+
+if [ ! -f ${sslkey}/ca.csr ] || [ -n "$KEYS" ]; then
+
+ cat <<EOF > $TMPFILE
[ req ]
default_bits = 1024
default_keyfile = ca.pem
[ req ]
default_bits = 1024
default_keyfile = ca.pem
-openssl req -config $TMPFILE -new -key ${sslkey}/ca.key -out ${sslkey}/ca.csr
-cat >$TMPFILE <<EOT
+
+ openssl req -config $TMPFILE -new -key ${sslkey}/ca.key -out ${sslkey}/ca.csr
+fi
+
+if [ ! -f ${sslcrt}/ca.pem ] || [ -n "$KEYS" ]; then
+
+ cat >$TMPFILE <<EOT
extensions = x509v3
[ x509v3 ]
subjectAltName = email:copy
extensions = x509v3
[ x509v3 ]
subjectAltName = email:copy
nsComment = "CARNet apache2-cn package generated custom CA certificate"
nsCertType = sslCA
EOT
nsComment = "CARNet apache2-cn package generated custom CA certificate"
nsCertType = sslCA
EOT
-openssl x509 -extfile $TMPFILE -days 3651 -signkey ${sslkey}/ca.key \
- -in ${sslkey}/ca.csr -req -out ${sslcrt}/ca.pem
-openssl x509 -noout -modulus -in ${sslcrt}/ca.pem | \
- read mod1
-openssl rsa -noout -modulus -in ${sslkey}/ca.key | \
- read mod2
+
+ openssl x509 -extfile $TMPFILE -days 3651 -signkey ${sslkey}/ca.key \
+ -in ${sslkey}/ca.csr -req -out ${sslcrt}/ca.pem
+
+ KEYS="${KEYS}
+ - ${sslcrt}/ca.pem"
+fi
+
+mod1=`openssl x509 -noout -modulus -in ${sslcrt}/ca.pem`
+mod2=`openssl rsa -noout -modulus -in ${sslkey}/ca.key`
+
if [ "$mod1" != "$mod2" ]; then
if [ "$mod1" != "$mod2" ]; then
- echo "Moduli for CA keys don't match."
- exit 1
+ echo "Moduli for CA keys don't match."
+ exit 1
cd ${sslcrt}
ln -sf ca.pem $(openssl x509 -hash -noout -in ca.pem)
cd ${sslcrt}
ln -sf ca.pem $(openssl x509 -hash -noout -in ca.pem)
-KEYS="${KEYS}
- - ${sslcrt}/ca.pem"
-KEYS="${KEYS}
- - ${sslkey}/ca.key"
-
-fi # CA
+# Generate server certificate
+#
openssl genrsa -out ${sslkey}/apache2.key 1024
openssl genrsa -out ${sslkey}/apache2.key 1024
echo 01 > "$TMPFILE2"
sed "s/HOST/$FQDN/g; s/DOMAIN/$DOMAIN/g; s/WEBMASTER/$WEBMASTER/g" \
< $A2CNDIR/templates/openssl.cnf > "$TMPFILE"
echo 01 > "$TMPFILE2"
sed "s/HOST/$FQDN/g; s/DOMAIN/$DOMAIN/g; s/WEBMASTER/$WEBMASTER/g" \
< $A2CNDIR/templates/openssl.cnf > "$TMPFILE"
openssl req -config "$TMPFILE" -new -nodes \
openssl req -config "$TMPFILE" -new -nodes \
- -key ${sslkey}/apache2.key -out ${sslkey}/apache2.csr
+ -key ${sslkey}/apache2.key -out ${sslkey}/apache2.csr
openssl x509 -extfile "$TMPFILE" -days 3650 \
openssl x509 -extfile "$TMPFILE" -days 3650 \
- -CAserial "$TMPFILE2" -CA ${sslcrt}/ca.pem -CAkey ${sslkey}/ca.key \
- -in ${sslkey}/apache2.csr -req -out ${sslcrt}/apache2.pem
-# verify
-openssl x509 -noout -modulus -in ${sslcrt}/apache2.pem | read mod1
-openssl rsa -noout -modulus -in ${sslkey}/apache2.key | read mod2
+ -CAserial "$TMPFILE2" -CA ${sslcrt}/ca.pem -CAkey ${sslkey}/ca.key \
+ -in ${sslkey}/apache2.csr -req -out ${sslcrt}/apache2.pem
+
+mod1=`openssl x509 -noout -modulus -in ${sslcrt}/apache2.pem`
+mod2=`openssl rsa -noout -modulus -in ${sslkey}/apache2.key`
+
if [ "$mod1" != "$mod2" ]; then
if [ "$mod1" != "$mod2" ]; then
- echo "Moduli for server keys don't match."
- exit 1
+ echo "Moduli for server keys don't match."
+ exit 1
cd ${sslcrt}
ln -sf apache2.pem $(openssl x509 -hash -noout -in apache2.pem)
cd ${sslcrt}
ln -sf apache2.pem $(openssl x509 -hash -noout -in apache2.pem)
echo "Successfully generated server key pairs:"
echo "$KEYS"
echo
echo "Successfully generated server key pairs:"
echo "$KEYS"
echo
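Review bot: Every certificate this CA signs carries serial 01, because `echo 01 > "$TMPFILE2"` seeds a throwaway serial file on each run and `openssl x509 ... -CAserial "$TMPFILE2"` reads it, while `openssl genrsa -out ${sslkey}/apache2.key 1024` regenerates the server key unconditionally; a second run therefore issues a different certificate under the same issuer and serial, which some clients that cached the first one reject. Persist the counter next to the CA key instead, e.g. `SERIAL=${sslkey}/ca.srl`, `[ -f "$SERIAL" ] || echo 01 > "$SERIAL"`, and pass `-CAserial "$SERIAL"` so openssl increments it across runs. The cleanup trap `trap "rm -f $TMPFILE $TMPFILE2" 1 2 15` never fires on normal completion or on the two `exit 1` moduli-mismatch paths, so the generated openssl.cnf copies accumulate in /var/tmp; adding signal 0 (`trap "rm -f $TMPFILE $TMPFILE2" 0 1 2 15`) covers both. The commit also removes the `# XXX validate the arguments` marker without adding any validation: `$FQDN`, `$WEBMASTER` and `$DOMAIN` are substituted unescaped into the `sed` script (a `/` or `;` in any of them alters the script rather than the data), and `$DOMAIN` is not assigned anywhere in this hunk, so it presumably arrives from the caller's environment. This is a flat script whose head (shebang and any `set` options) lies outside the hunk, so whether a failing `openssl genrsa` aborts the run before the dependent `openssl req`/`x509` steps cannot be confirmed from here.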
----------
Ovaj paket donosi CARNetovu dodatnu konfiguraciju za apache2 paket
----------
Ovaj paket donosi CARNetovu dodatnu konfiguraciju za apache2 paket
-iz Debian sarge distribucije.
+iz Debian etch distribucije.
Paket dodaje VirtualHost zapise za slijedece webove:
Paket dodaje VirtualHost zapise za slijedece webove:
-U slucaju da korisnik ne zeli WWW VirtualHost, DocumentRoot bit
-ce postavljen u:
+U slucaju da korisnik ne zeli WWW VirtualHost, DocumentRoot ce
+biti postavljen u:
/var/www/stroj.domena.hr
Apache2 moduli koji su automatski ukljuceni:
/var/www/stroj.domena.hr
Apache2 moduli koji su automatski ukljuceni:
* SSL
* rewrite
* userdir
* SSL
* rewrite
* userdir
- -- Dragan Dosen <ddosen@ffzg.hr> Thu, 7 Feb 2008 16:11:17 +0100
+ -- Dragan Dosen <ddosen@ffzg.hr> Sun, 6 Apr 2008 20:28:17 +0200
if [ $has_listen_ssl -eq 1 ]; then
# SSL configuration already exists - no need for SSL certificates.
if [ $has_listen_ssl -eq 1 ]; then
# SSL configuration already exists - no need for SSL certificates.
- db_set apache2-cn/sslcf "X" || true
- db_set apache2-cn/sslckf "X" || true
- db_set apache2-cn/sslccf "X" || true
+ db_set apache2-cn/sslcf "" || true
+ db_set apache2-cn/sslckf "" || true
+ db_set apache2-cn/sslccf "" || true
# SSL certificates information..
SSLCF=1
while [ $SSLCF -eq 1 ]; do
# SSL certificates information..
SSLCF=1
while [ $SSLCF -eq 1 ]; do
A2CNDIR=/usr/share/apache2-cn
TMPLDIR=$A2CNDIR/templates
CERTDIR=/etc/ssl/certs
A2CNDIR=/usr/share/apache2-cn
TMPLDIR=$A2CNDIR/templates
CERTDIR=/etc/ssl/certs
-A2PHPINI="/etc/php4/apache2/php.ini"
+A2PHPINI="/etc/php5/apache2/php.ini"
HOST=$(hostname)
FQDN=$(hostname --fqdn)
HOST=$(hostname)
FQDN=$(hostname --fqdn)
-# Enable Apache2 web server modules (cgi, rewrite, userdir, suexec, php4, ssl).
+# Enable Apache2 web server modules (cgi, rewrite, userdir, suexec, php5, ssl).
#
if [ -e "$CONF" ]; then
#
if [ -e "$CONF" ]; then
- if [ ! -e "$A2MODEDIR/php4.load" ] || [ ! -e "$A2MODEDIR/php4.conf" ]; then
- cp_echo "CN: Enabling PHP4 module for Apache2 web server."
- a2enmod php4 >/dev/null || true
+ if [ ! -e "$A2MODEDIR/php5.load" ] || [ ! -e "$A2MODEDIR/php5.conf" ]; then
+ cp_echo "CN: Enabling PHP5 module for Apache2 web server."
+ a2enmod php5 >/dev/null || true