author Nicolás Reynolds <fauno@kiwwwi.com.ar> 2010-10-24 04:44:58 -0300
committer Nicolás Reynolds <fauno@kiwwwi.com.ar> 2010-10-24 04:44:58 -0300
commit b37d61848e087e392fd3b3b52044fe1832c07c1f
tree bf8f4c43357d2cb4c1b081e445824bab2b10bbbf
parent ac73c60baa0cc108b29b2a2e87407a0439c340c3
Added script for generating self-signed certificates
-rw-r--r-- README 8
-rwxr-xr-x bin/generate_self_signed_cert 55
2 files changed, 62 insertions, 1 deletions
diff --git a/README b/README
index 17647a6..31928a7 100644
--- a/README
+++ b/README
@@ -9,7 +9,7 @@
* Follow their instructions
=== Next
-* Configure hostname
+* Configure hostname => Use valid domain / free network
* GPG autoconfiguration
- Generate GPG key pairs or install one
- {root,main_user}@hostname
@@ -19,6 +19,8 @@
(get one from CACert.org)
(http://ur1.ca/23a34 solves this, we should apply it to SimpleID)
- Generate crontab for remembering to re-create
+ - Key is located at and linked to /etc/ssl/private/{$hostname,local}.key
+ - Cert is located at and linked to /etc/ssl/certs/{$hostname,local}.crt
* OpenLDAP
- Configure domain
- Configure address book
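Review bot: the two added lines document only the installed key and certificate, while bin/generate_self_signed_cert in this same commit also leaves ${hostname}.key (passphrase-protected), ${hostname}.key.encrypted and ${hostname}.csr directly under /etc/ssl. Either list those leftovers here or have the script remove them once the certificate is signed, and state the ownership and mode expected on /etc/ssl/private, since the key installed there is the decrypted one.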
@@ -33,3 +35,7 @@
Use this category to write down ideas and documentation:
http://wiki.parabolagnulinux.org/Category:Parabola_GNU/Social
+
+== Software to check
+* Varnish http://www.varnish-cache.org/
+ HTTP Accelerator, for caching web
diff --git a/bin/generate_self_signed_cert b/bin/generate_self_signed_cert
new file mode 100755
index 0000000..bfd3f0c
--- /dev/null
+++ b/bin/generate_self_signed_cert
@@ -0,0 +1,55 @@
+#!/bin/bash
+# = Parabola Social
+# Generates a self-signed certificate and installs it.
+# From: http://www.akadia.com/services/ssh_test_certificate.html
+
+# This script is released in the Public Domain.
+
+# Exit status:
+# 0 - Everything OK
+# 1 - Private key generation failed
+# 2 - CSR generation failed
+# 3 - Copying the encrypted key failed
+# 4 - Private key decryption failed
+# 5 - CSR signing failed
+# 6 - Linking local key failed
+# 7 - Linking local certificate failed
+
+# Standard Arch's SSL directories
+ssl_dir=/etc/ssl
+ssl_key_dir=${ssl_dir}/private
+ssl_crt_dir=${ssl_dir}/certs
+
+# Hostname should be already set
+hostname=`hostname`
+
+echo ":: Generating a private key.
+ The generated file *must not be shared* with anyone. It's private."
+openssl genrsa -des3 \
+ -out ${ssl_dir}/${hostname}.key 1024 || exit 1
+
+echo ":: Generating a Certificate Signing Request.
+ This can be signed by you or by a Certificate Authority."
+openssl req -new \
+ -key ${ssl_dir}/${hostname}.key \
+ -out ${ssl_dir}/${hostname}.csr || exit 2
+
+cp ${ssl_dir}/${hostname}.key{,.encrypted} || exit 3
+
+echo ":: Decrypting the private key..."
+openssl rsa -in ${ssl_dir}/${hostname}.key.encrypted \
+ -out ${ssl_key_dir}/${hostname}.key || exit 4
+
+echo ":: Signing the Certificate Signing Request.
+ This step will generate your self-signed certificate to use on secure connections."
+openssl x509 -req \
+ -days 365 \
+ -in ${ssl_dir}/${hostname}.csr \
+ -signkey ${ssl_key_dir}/${hostname}.key \
+ -out ${ssl_crt_dir}/${hostname}.crt || exit 5
+
+echo ":: Installing private key and certificate into local directories."
+ln -s ${ssl_key_dir}/${hostname}.key ${ssl_key_dir}/local.key || exit 6
+ln -s ${ssl_crt_dir}/${hostname}.crt ${ssl_crt_dir}/local.crt || exit 7
+
+exit 0
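Review bot: the key size in "openssl genrsa -des3 -out ${ssl_dir}/${hostname}.key 1024" is too small for a certificate meant to protect real connections; ask for 2048 bits or more. The decrypted key written to ${ssl_key_dir}/${hostname}.key is the sensitive file, yet the script sets no "umask 077" before writing it and runs no "chmod 600" afterwards, so nothing in these lines guarantees it ends up readable by root only. Encrypting with -des3 and then stripping the passphrase two steps later adds a prompt without protecting the key at rest; generating it without -des3 would remove the copy and decrypt steps along with exit codes 3 and 4. Both "ln -s" calls fail once local.key and local.crt exist, so the periodic re-creation the README plans (the certificate is issued with -days 365) would stop at exit 6; "ln -sf" handles the re-run. Quoting the ${hostname} and directory expansions would also be safer.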