| 4 |
- |
1 |
#!/bin/sh
|
|
|
2 |
#
|
|
|
3 |
# This is a wrapper script to create default certificates when the
|
|
|
4 |
# server first starts in debugging mode. Once the certificates have been
|
|
|
5 |
# created, this file should be deleted.
|
|
|
6 |
#
|
|
|
7 |
# Ideally, this program should be run as part of the installation of any
|
|
|
8 |
# binary package. The installation should also ensure that the permissions
|
|
|
9 |
# and owners are correct for the files generated by this script.
|
|
|
10 |
#
|
|
|
11 |
# $Id$
|
|
|
12 |
#
|
|
|
13 |
umask 027
|
|
|
14 |
cd `dirname $0`
|
|
|
15 |
|
|
|
16 |
make -h > /dev/null 2>&1
|
|
|
17 |
|
|
|
18 |
#
|
|
|
19 |
# If we have a working "make", then use it. Otherwise, run the commands
|
|
|
20 |
# manually.
|
|
|
21 |
#
|
|
|
22 |
if [ "$?" = "0" ]; then
|
|
|
23 |
make all
|
|
|
24 |
exit $?
|
|
|
25 |
fi
|
|
|
26 |
|
|
|
27 |
#
|
|
|
28 |
# The following commands were created by running "make -n", and edited
|
|
|
29 |
# to remove the trailing backslash, and to add "exit 1" after the commands.
|
|
|
30 |
#
|
|
|
31 |
# Don't edit the following text. Instead, edit the Makefile, and
|
|
|
32 |
# re-generate these commands.
|
|
|
33 |
#
|
|
|
34 |
if [ ! -f dh ]; then
|
|
|
35 |
openssl dhparam -out dh 1024 || exit 1
|
|
|
36 |
if [ -e /dev/urandom ] ; then
|
|
|
37 |
dd if=/dev/urandom of=./random count=10 >/dev/null 2>&1;
|
|
|
38 |
else
|
|
|
39 |
date > ./random;
|
|
|
40 |
fi
|
|
|
41 |
fi
|
|
|
42 |
|
|
|
43 |
if [ ! -f server.key ]; then
|
|
|
44 |
openssl req -new -out server.csr -keyout server.key -config ./server.cnf || exit 1
|
|
|
45 |
fi
|
|
|
46 |
|
|
|
47 |
if [ ! -f ca.key ]; then
|
|
|
48 |
openssl req -new -x509 -keyout ca.key -out ca.pem -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf || exit 1
|
|
|
49 |
fi
|
|
|
50 |
|
|
|
51 |
if [ ! -f index.txt ]; then
|
|
|
52 |
touch index.txt
|
|
|
53 |
fi
|
|
|
54 |
|
|
|
55 |
if [ ! -f serial ]; then
|
|
|
56 |
echo '01' > serial
|
|
|
57 |
fi
|
|
|
58 |
|
|
|
59 |
if [ ! -f server.crt ]; then
|
|
|
60 |
openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf || exit 1
|
|
|
61 |
fi
|
|
|
62 |
|
|
|
63 |
if [ ! -f server.p12 ]; then
|
|
|
64 |
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1
|
|
|
65 |
fi
|
|
|
66 |
|
|
|
67 |
if [ ! -f server.pem ]; then
|
|
|
68 |
openssl pkcs12 -in server.p12 -out server.pem -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1
|
|
|
69 |
openssl verify -CAfile ca.pem server.pem || exit 1
|
|
|
70 |
fi
|
|
|
71 |
|
|
|
72 |
if [ ! -f ca.der ]; then
|
|
|
73 |
openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der || exit 1
|
|
|
74 |
fi
|
|
|
75 |
|
|
|
76 |
if [ ! -f client.key ]; then
|
|
|
77 |
openssl req -new -out client.csr -keyout client.key -config ./client.cnf
|
|
|
78 |
fi
|
|
|
79 |
|
|
|
80 |
if [ ! -f client.crt ]; then
|
|
|
81 |
openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
|
|
|
82 |
fi
|