Povecana velicina generiranog kljuca na 2048 bit, manje izmjene.
author
Dragan Dosen
<Dragan.Dosen@CARNet.hr>
Thu, 15 Aug 2013 17:56:26 +0000
(19:56 +0200)
committer
Dragan Dosen
<Dragan.Dosen@CARNet.hr>
Thu, 15 Aug 2013 17:56:26 +0000
(19:56 +0200)
README.CARNet
carnet-generate-ssl
carnet.conf
debian/changelog
debian/postinst
templates/openssl.cnf
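--- a/README.CARNet
+++ b/README.CARNet
@@ -4,14 +4,14 @@ apache2-cn
 Ovaj paket donosi CARNetovu dodatnu konfiguraciju za apache2 paket
 iz Debian wheezy distribucije.
-Paket dodaje VirtualHost zapise za slijedece webove:
+Paket dodaje VirtualHost zapise za sljedece webove:
 http://stroj.domena.hr/
 http://www.domena.hr/
 https://www.domena.hr/
-Zadnji web koristi certifikat potpisan sa lokalno generiranim CA
-parom kljuceva. Za sve navedene web stranice DocumentRoot je
+Zadnji web koristi SSL certifikat potpisan s lokalno generiranim
+CA parom kljuceva. Za sve navedene web stranice DocumentRoot je
 postavljen tako da se sadrzaj sprema i cita iz
 /var/www/www.domena.hr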
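--- a/carnet-generate-ssl
+++ b/carnet-generate-ssl
@@ -20,8 +20,9 @@ FQDN="$2"
 WEBMASTER="$3"
 DOMAIN="$4"
-sslcrt=/etc/ssl/certs
-sslkey=/etc/ssl/private
+SSLDIR=/etc/ssl
+SSLCRTDIR=${SSLDIR}/certs
+SSLKEYDIR=${SSLDIR}/private
 A2CNDIR=$(dirname $0)
 KEYS=
@@ -38,23 +39,23 @@ trap "rm -f $TMPFILE $TMPFILE2" 1 2 15;
 export RANDFILE=/dev/urandom
-cd /etc/ssl
+cd ${SSLDIR}
 # Generate CA
 #
-if [ ! -f ${sslkey}/apache2-ca.key ]; then
+if [ ! -f ${SSLKEYDIR}/apache2-ca.key ]; then
- (umask 077; openssl genrsa -out ${sslkey}/apache2-ca.key 1024)
+ (umask 077; openssl genrsa -out ${SSLKEYDIR}/apache2-ca.key 2048)
 KEYS="${KEYS}
- - ${sslkey}/apache2-ca.key"
+ - ${SSLKEYDIR}/apache2-ca.key"
 fi
-if [ ! -f ${sslkey}/apache2-ca.csr ] || [ -n "$KEYS" ]; then
+if [ ! -f ${SSLKEYDIR}/apache2-ca.csr ] || [ -n "$KEYS" ]; then
 cat <<EOF > $TMPFILE
 [ req ]
-default_bits = 1024
+default_bits = 2048
 default_keyfile = apache2-ca.pem
 distinguished_name = req_distinguished_name
 attributes = req_attributes
@@ -70,10 +71,10 @@ emailAddress = $WEBMASTER
 EOF
- openssl req -config $TMPFILE -new -key ${sslkey}/apache2-ca.key -out ${sslkey}/apache2-ca.csr
+ openssl req -config $TMPFILE -new -key ${SSLKEYDIR}/apache2-ca.key -out ${SSLKEYDIR}/apache2-ca.csr
 fi
-if [ ! -f ${sslcrt}/apache2-ca.pem ] || [ -n "$KEYS" ]; then
+if [ ! -f ${SSLCRTDIR}/apache2-ca.pem ] || [ -n "$KEYS" ]; then
 cat >$TMPFILE <<EOT
 extensions = x509v3
@@ -84,41 +85,41 @@ nsComment = "CARNet apache2-cn package generated custom CA certificate"
 nsCertType = sslCA
 EOT
- openssl x509 -extfile $TMPFILE -days 3651 -signkey ${sslkey}/apache2-ca.key \
- -in ${sslkey}/apache2-ca.csr -req -out ${sslcrt}/apache2-ca.pem
+ openssl x509 -extfile $TMPFILE -days 3651 -signkey ${SSLKEYDIR}/apache2-ca.key \
+ -in ${SSLKEYDIR}/apache2-ca.csr -req -out ${SSLCRTDIR}/apache2-ca.pem
 KEYS="${KEYS}
- - ${sslcrt}/apache2-ca.pem"
+ - ${SSLCRTDIR}/apache2-ca.pem"
 fi
-mod1=`openssl x509 -noout -modulus -in ${sslcrt}/apache2-ca.pem`
-mod2=`openssl rsa -noout -modulus -in ${sslkey}/apache2-ca.key`
+mod1=`openssl x509 -noout -modulus -in ${SSLCRTDIR}/apache2-ca.pem`
+mod2=`openssl rsa -noout -modulus -in ${SSLKEYDIR}/apache2-ca.key`
 if [ "$mod1" != "$mod2" ]; then
 echo "Moduli for CA keys don't match."
 exit 1
 fi
-cd ${sslcrt}
+cd ${SSLCRTDIR}
 ln -sf apache2-ca.pem $(openssl x509 -hash -noout -in apache2-ca.pem)
 # Generate server certificate
 #
-(umask 077; openssl genrsa -out ${sslkey}/apache2.key 1024)
+(umask 077; openssl genrsa -out ${SSLKEYDIR}/apache2.key 2048)
 echo 01 > "$TMPFILE2"
 sed "s/HOST/$FQDN/g; s/DOMAIN/$DOMAIN/g; s/WEBMASTER/$WEBMASTER/g" \
 < $A2CNDIR/templates/openssl.cnf > "$TMPFILE"
 openssl req -config "$TMPFILE" -new -nodes \
- -key ${sslkey}/apache2.key -out ${sslkey}/apache2.csr
+ -key ${SSLKEYDIR}/apache2.key -out ${SSLKEYDIR}/apache2.csr
 openssl x509 -extfile "$TMPFILE" -days 3650 \
- -CAserial "$TMPFILE2" -CA ${sslcrt}/apache2-ca.pem -CAkey ${sslkey}/apache2-ca.key \
- -in ${sslkey}/apache2.csr -req -out ${sslcrt}/apache2.pem
+ -CAserial "$TMPFILE2" -CA ${SSLCRTDIR}/apache2-ca.pem -CAkey ${SSLKEYDIR}/apache2-ca.key \
+ -in ${SSLKEYDIR}/apache2.csr -req -out ${SSLCRTDIR}/apache2.pem
-mod1=`openssl x509 -noout -modulus -in ${sslcrt}/apache2.pem`
-mod2=`openssl rsa -noout -modulus -in ${sslkey}/apache2.key`
+mod1=`openssl x509 -noout -modulus -in ${SSLCRTDIR}/apache2.pem`
+mod2=`openssl rsa -noout -modulus -in ${SSLKEYDIR}/apache2.key`
 if [ "$mod1" != "$mod2" ]; then
 echo "Moduli for server keys don't match."
@@ -126,17 +127,17 @@ if [ "$mod1" != "$mod2" ]; then
 fi
 KEYS="${KEYS}
- - ${sslcrt}/apache2.pem"
+ - ${SSLCRTDIR}/apache2.pem"
 KEYS="${KEYS}
- - ${sslkey}/apache2.key"
+ - ${SSLKEYDIR}/apache2.key"
-cd ${sslcrt}
+cd ${SSLCRTDIR}
 ln -sf apache2.pem $(openssl x509 -hash -noout -in apache2.pem)
 # Fix file access permissions.
 #
-chmod 600 ${sslkey}/apache2-ca.key ${sslkey}/apache2.key
+chmod 600 ${SSLKEYDIR}/apache2-ca.key ${SSLKEYDIR}/apache2.key
 # Cleanup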
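Review bot: The CA key is still generated only when the file is missing (`if [ ! -f ${SSLKEYDIR}/apache2-ca.key ]; then`), so a host that already ran the old script keeps its 1024-bit CA key, and the new 2048-bit server key, which the visible lines regenerate unconditionally, ends up signed by that weaker CA. If the goal is to retire 1024-bit keys, the guard needs to also check the size of an existing key, or the package upgrade has to rotate the CA; nothing visible in this commit does either. Separately, neither `openssl x509 -req` call names a digest, so the certificate signature hash is whatever the installed OpenSSL defaults to; adding `-sha256` to both calls would pin it. The new `cd ${SSLDIR}` and `cd ${SSLCRTDIR}` are unquoted and unchecked, and `cd "${SSLCRTDIR}" || exit 1` would keep the following `ln -sf` from running in the wrong directory.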
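--- a/carnet.conf
+++ b/carnet.conf
@@ -17,4 +17,3 @@
 <IfModule mod_dir.c>
 DirectoryIndex index.php index.html index.htm index.cgi index.pl index.xhtml
 </IfModule>
-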
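--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,8 @@ apache2-cn (2.2.22+1) stable; urgency=low
 * Uklonjena datoteka debian/source.lintian-overrides.
 * debian/postrm - dodan debhelper token, dodatne izmjene.
 * Dodana datoteka debian/source/format.
+ * Datoteke carnet-generate-ssl, templates/openssl.cnf - povecana
+ velicina generiranog kljuca na 2048 bit, manje izmjene.
 -- Dragan Dosen <Dragan.Dosen@CARNet.hr> Tue, 13 Aug 2013 10:30:49 +0200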
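--- a/debian/postinst
+++ b/debian/postinst
@@ -27,7 +27,7 @@ esac
 . /usr/share/carnet-tools/functions.sh
 PKG="apache2-cn"
-VERSION="2.2+1"
+VERSION="2.2.22+1"
 CONFDIR="/etc/apache2"
 CONF="$CONFDIR/apache2.conf"
 A2MODEDIR="$CONFDIR/mods-enabled"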
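--- a/templates/openssl.cnf
+++ b/templates/openssl.cnf
@@ -1,10 +1,9 @@
 #
-# custom openssl configuration file
-# based on csr.sh from http://wiki.cacert.org/wiki/VhostTaskForce
+# apache2-cn openssl configuration file
 #
 [ req ]
-default_bits = 1024
+default_bits = 2048
 default_keyfile = /var/lib/misc/HOST_privatekey.pem
 distinguished_name = req_distinguished_name
 prompt = no
@@ -13,13 +12,10 @@ string_mask = nombstr
 req_extensions = v3_req
 [ req_distinguished_name ]
-countryName = HR
-#stateOrProvinceName =
-#localityName =
-organizationName = DOMAIN
-#organizationalUnitName =
-commonName = HOST
-emailAddress = WEBMASTER
+countryName = HR
+organizationName = DOMAIN
+commonName = HOST
+emailAddress = WEBMASTER
 [ v3_req ]
 subjectAltName=DNS:HOST,DNS:www.DOMAIN,DNS:mail.DOMAIN,DNS:ldap.DOMAIN,DNS:webmail.DOMAIN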
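Review bot: `default_bits = 2048` in `[ req ]` does not decide the size of the server key as far as this commit shows, because carnet-generate-ssl hands `openssl req` an already generated key with `-key`; the effective size is the literal in the `openssl genrsa` call. A short comment next to it, such as `# key size is set by genrsa in carnet-generate-ssl; keep in sync`, would stop the two values drifting apart. The section also has no `default_md`, so the digest used for the request follows the installed OpenSSL default; `default_md = sha256` would make it explicit.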