From 09d545a26b51c8eea72d2949f06cc70cc42a74eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicol=C3=A1s=20Reynolds?=
Date: Sun, 24 Oct 2010 05:39:23 -0300
Subject: Added error checking and logging to certificate generation
---
 bin/generate_self_signed_cert | 53 +++++++++++++++++++++++++++++++++++--------
 1 file changed, 44 insertions(+), 9 deletions(-)
diff --git a/bin/generate_self_signed_cert b/bin/generate_self_signed_cert
index bfd3f0c..0aea6f8 100755
--- a/bin/generate_self_signed_cert
+++ b/bin/generate_self_signed_cert
@@ -20,25 +20,46 @@ ssl_dir=/etc/ssl
 ssl_key_dir=${ssl_dir}/private
 ssl_crt_dir=${ssl_dir}/certs
+log_file=/tmp/certificate_$$.log
+
 # Hostname should be already set
 hostname=`hostname`
 echo ":: Generating a private key. The generated file *must not be shared* with anyone. It's private."
 openssl genrsa -des3 \
- -out ${ssl_dir}/${hostname}.key 1024 || exit 1
+ -out ${ssl_dir}/${hostname}.key 1024 2>> ${log_file} || {
+ echo " [FAILED]"
+ exit 1
+}
+# TODO Can this be autofilled?
 echo ":: Generating a Certificate Signing Request.
- This can be signed by you or by a Certificate Authority."
+ This can be signed by you or by a Certificate Authority.
+ Most important thing to complete here is the Common Name,
+ that is, the full hostname of your machine as will be
+ accesed from internet (ie. yoursocialmachine.sometld).
+
+ In short, you have to type the hostname you already configured
+ and leave the challenge password empty. Go ahead!"
 openssl req -new \
 -key ${ssl_dir}/${hostname}.key \
- -out ${ssl_dir}/${hostname}.csr || exit 2
+ -out ${ssl_dir}/${hostname}.csr || {
+ echo " [FAILED]"
+ exit 2
+}
-cp ${ssl_dir}/${hostname}.key{,.encrypted} || exit 3
+cp ${ssl_dir}/${hostname}.key{,.encrypted} >> ${log_file} 2>&1 || {
+ echo " [FAILED]"
+ exit 3
+}
 echo ":: Decrypting the private key..."
 openssl rsa -in ${ssl_dir}/${hostname}.key.encrypted \
- -out ${ssl_key_dir}/${hostname}.key || exit 4
+ -out ${ssl_key_dir}/${hostname}.key >> ${log_file} 2>&1 || {
+ echo " [FAILED]"
+ exit 4
+}
 echo ":: Signing the Certificate Signing Request. This step will generate your self-signed certificate to use on secure connections."
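Review bot: `log_file=/tmp/certificate_$$.log` is a predictable name in a world-writable directory, and every later `>> ${log_file}` follows whatever already exists at that path, so a pre-placed symlink there would redirect the appended output; create the log with `log_file=$(mktemp /tmp/certificate_XXXXXX.log) || exit 1` instead. The `echo " [FAILED]"` branches go to stdout and never say where the diagnostics went, so `echo " [FAILED] (see ${log_file})" >&2` would make the new log actually useful. The `${log_file}` and `${ssl_dir}/${hostname}.key` expansions, here and in the next hunk, should be double-quoted, since `hostname` comes from command output. The `openssl req` step is the only one left unredirected, presumably because its prompts are interactive; a one-line comment saying so would keep a later cleanup from redirecting it too. Unrelated to the logging, the 1024-bit modulus on the rewritten `genrsa` line is below current recommendations (2048 or more) and the encrypted key lands in `${ssl_dir}` rather than `${ssl_key_dir}`; both predate this commit but deserve a follow-up.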
@@ -46,10 +67,24 @@ openssl x509 -req \
 -days 365 \
 -in ${ssl_dir}/${hostname}.csr \
 -signkey ${ssl_key_dir}/${hostname}.key \
- -out ${ssl_crt_dir}/${hostname}.crt || exit 5
+ -out ${ssl_crt_dir}/${hostname}.crt >> ${log_file} 2>&1 || {
+ echo " [FAILED]"
+ exit 5
+}
+
+echo ":: Installing private key and certificate into local directories..."
+ln -s ${ssl_key_dir}/${hostname}.key ${ssl_key_dir}/local.key >> ${log_file} 2>&1 || {
+ echo " [FAILED]"
+ exit 6
+}
+
+ln -s ${ssl_crt_dir}/${hostname}.crt ${ssl_crt_dir}/local.crt >> ${log_file} 2>&1 || {
+ echo " [FAILED]"
+ exit 7
+}
-echo ":: Installing private key and certificate into local directories."
-ln -s ${ssl_key_dir}/${hostname}.key ${ssl_key_dir}/local.key || exit 6
-ln -s ${ssl_crt_dir}/${hostname}.crt ${ssl_crt_dir}/local.crt || exit 7
+chmod 400 ${ssl_key_dir}/${hostname}.key
+chmod 444 ${ssl_crt_dir}/${hostname}.crt
+echo ":: Everything went fine!"
 exit 0
-- cgit v1.2.2
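Review bot: `chmod 400 ${ssl_key_dir}/${hostname}.key` and `chmod 444 ${ssl_crt_dir}/${hostname}.crt` are the only steps without an `|| { echo " [FAILED]"; exit N; }` branch, so if either fails the script still prints ":: Everything went fine!" and exits 0; give them the same guard as the `ln -s` calls above (exit 8 and 9, say). They also run last, so the decrypted key written by `openssl rsa -out` in the previous hunk sits with umask-default permissions until this point; a `umask 077` before that step (outside this hunk) closes the window, after which the `chmod` calls only set the final modes. The `ln -s` calls exit 6/7 on a re-run because `local.key`/`local.crt` already exist; if that is intended, say so in a comment, and note that `ln -sf` would instead replace whatever the existing link points at. The log file in /tmp is left behind on success; either remove it here or print its path so the user knows where the captured output went.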