authorNicolás Reynolds <fauno@kiwwwi.com.ar>2010-10-24 05:39:23 -0300
committerNicolás Reynolds <fauno@kiwwwi.com.ar>2010-10-24 05:39:23 -0300
commit09d545a26b51c8eea72d2949f06cc70cc42a74eb (patch)
treecadd20e6fb86ec9dc311f635a5884b7d3fb3c3b5
parent29cb588ab383ea95b534d1e1d31ad39734ac6edd (diff)
Added error checking and logging to certificate generation
-rwxr-xr-xbin/generate_self_signed_cert53
1 files changed, 44 insertions, 9 deletions
diff --git a/bin/generate_self_signed_cert b/bin/generate_self_signed_cert
index bfd3f0c..0aea6f8 100755
--- a/bin/generate_self_signed_cert
+++ b/bin/generate_self_signed_cert
@@ -20,25 +20,46 @@ ssl_dir=/etc/ssl
ssl_key_dir=${ssl_dir}/private
ssl_crt_dir=${ssl_dir}/certs
+log_file=/tmp/certificate_$$.log
+
# Hostname should be already set
hostname=`hostname`
echo ":: Generating a private key.
The generated file *must not be shared* with anyone. It's private."
openssl genrsa -des3 \
- -out ${ssl_dir}/${hostname}.key 1024 || exit 1
+ -out ${ssl_dir}/${hostname}.key 1024 2>> ${log_file} || {
+ echo " [FAILED]"
+ exit 1
+}
+# TODO Can this be autofilled?
echo ":: Generating a Certificate Signing Request.
- This can be signed by you or by a Certificate Authority."
+ This can be signed by you or by a Certificate Authority.
+ Most important thing to complete here is the Common Name,
+ that is, the full hostname of your machine as will be
+ accesed from internet (ie. yoursocialmachine.sometld).
+
+ In short, you have to type the hostname you already configured
+ and leave the challenge password empty. Go ahead!"
openssl req -new \
-key ${ssl_dir}/${hostname}.key \
- -out ${ssl_dir}/${hostname}.csr || exit 2
+ -out ${ssl_dir}/${hostname}.csr || {
+ echo " [FAILED]"
+ exit 2
+}
-cp ${ssl_dir}/${hostname}.key{,.encrypted} || exit 3
+cp ${ssl_dir}/${hostname}.key{,.encrypted} >> ${log_file} 2>&1 || {
+ echo " [FAILED]"
+ exit 3
+}
echo ":: Decrypting the private key..."
openssl rsa -in ${ssl_dir}/${hostname}.key.encrypted \
- -out ${ssl_key_dir}/${hostname}.key || exit 4
+ -out ${ssl_key_dir}/${hostname}.key >> ${log_file} 2>&1 || {
+ echo " [FAILED]"
+ exit 4
+}
echo ":: Signing the Certificate Signing Request.
This step will generate your self-signed certificate to use on secure connections."
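Review bot: `log_file=/tmp/certificate_$$.log` is a predictable name in a world-writable directory, and every step appends to it with `>>` while the script writes under `/etc/ssl`, so it presumably runs as root. A local user who pre-creates that path as a symlink would have the output appended to a file of their choosing. Create the log with `log_file=$(mktemp /tmp/certificate.XXXXXX) || exit 1` instead. Separately, the rewritten `openssl genrsa` line still requests a 1024-bit RSA key, which is below what is considered adequate today; `2048` is the usual minimum. The `[FAILED]` messages would also help more if they named `${log_file}`, since the actual error is no longer shown on the terminal.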
@@ -46,10 +67,24 @@ openssl x509 -req \
-days 365 \
-in ${ssl_dir}/${hostname}.csr \
-signkey ${ssl_key_dir}/${hostname}.key \
- -out ${ssl_crt_dir}/${hostname}.crt || exit 5
+ -out ${ssl_crt_dir}/${hostname}.crt >> ${log_file} 2>&1 || {
+ echo " [FAILED]"
+ exit 5
+}
+
+echo ":: Installing private key and certificate into local directories..."
+ln -s ${ssl_key_dir}/${hostname}.key ${ssl_key_dir}/local.key >> ${log_file} 2>&1 || {
+ echo " [FAILED]"
+ exit 6
+}
+
+ln -s ${ssl_crt_dir}/${hostname}.crt ${ssl_crt_dir}/local.crt >> ${log_file} 2>&1 || {
+ echo " [FAILED]"
+ exit 7
+}
-echo ":: Installing private key and certificate into local directories."
-ln -s ${ssl_key_dir}/${hostname}.key ${ssl_key_dir}/local.key || exit 6
-ln -s ${ssl_crt_dir}/${hostname}.crt ${ssl_crt_dir}/local.crt || exit 7
+chmod 400 ${ssl_key_dir}/${hostname}.key
+chmod 444 ${ssl_crt_dir}/${hostname}.crt
+echo ":: Everything went fine!"
exit 0
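Review bot: The added `chmod 400 ${ssl_key_dir}/${hostname}.key` runs only at the very end, after `openssl rsa` in the earlier hunk wrote the decrypted key and after the signing and `ln -s` steps. Until then the unencrypted private key has whatever permissions the caller's umask gives it, and it stays that way if the script exits at step 5, 6 or 7. Setting `umask 077` before the key is first written, or moving the `chmod 400` to directly after the decrypt step, closes that window. The two `chmod` lines are also the only steps without a failure branch, so a failed `chmod` still prints "Everything went fine!"; give them the same `|| { echo " [FAILED]"; exit N; }` handling as the other commands.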