blob: bfd3f0c3077436d70a1064e93e3b003bb62f0f3b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
#!/bin/bash
# = Parabola Social
# Generates a self-signed certificate and installs it.
# From: http://www.akadia.com/services/ssh_test_certificate.html
# This script is released in the Public Domain.
# Exit status:
# 0 - Everything OK
# 1 - Private key generation failed
# 2 - CSR generation failed
# 3 - Copying the encrypted key failed
# 4 - Private key decryption failed
# 5 - CSR signing failed
# 6 - Linking local key failed
# 7 - Linking local certificate failed
# Standard Arch's SSL directories
ssl_dir=/etc/ssl
ssl_key_dir=${ssl_dir}/private
ssl_crt_dir=${ssl_dir}/certs
# Hostname should be already set
hostname=`hostname`
echo ":: Generating a private key.
The generated file *must not be shared* with anyone. It's private."
openssl genrsa -des3 \
-out ${ssl_dir}/${hostname}.key 1024 || exit 1
echo ":: Generating a Certificate Signing Request.
This can be signed by you or by a Certificate Authority."
openssl req -new \
-key ${ssl_dir}/${hostname}.key \
-out ${ssl_dir}/${hostname}.csr || exit 2
cp ${ssl_dir}/${hostname}.key{,.encrypted} || exit 3
echo ":: Decrypting the private key..."
openssl rsa -in ${ssl_dir}/${hostname}.key.encrypted \
-out ${ssl_key_dir}/${hostname}.key || exit 4
echo ":: Signing the Certificate Signing Request.
This step will generate your self-signed certificate to use on secure connections."
openssl x509 -req \
-days 365 \
-in ${ssl_dir}/${hostname}.csr \
-signkey ${ssl_key_dir}/${hostname}.key \
-out ${ssl_crt_dir}/${hostname}.crt || exit 5
echo ":: Installing private key and certificate into local directories."
ln -s ${ssl_key_dir}/${hostname}.key ${ssl_key_dir}/local.key || exit 6
ln -s ${ssl_crt_dir}/${hostname}.crt ${ssl_crt_dir}/local.crt || exit 7
exit 0
|