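#!/bin/sh
#
# this script creates the stunnel certificate for https
#
# parameter: "destination file"
#
# called by:
# - cbox-manage.sh during network-up if no certificate was found on the config partition
#
# The destination file receives, in this order: the private key, the
# self-signed certificate and a block of DH parameters (one pem for stunnel).
#
# optional environment:
# - DH_BITS: size of the generated DH parameters (default: 2048)
#
# exit status: 1 on usage error, 2 when a required file is missing,
# otherwise the status of the failing openssl/dd step (set -e)
#

set -eu

# the private key is written into the destination file by openssl itself;
# a restrictive umask makes the file unreadable for others from the moment
# it is created, instead of only after the chmod further down
umask 077

# parse config file
CONF_FILE=/etc/cryptobox/cryptobox.conf
if [ ! -f "$CONF_FILE" ]; then
  printf '%s: %s not found\n' "${0##*/}" "$CONF_FILE" >&2
  exit 2
fi
. "$CONF_FILE"

# a missing argument would otherwise only produce an "unbound variable" error
if [ $# -ne 1 ] || [ -z "$1" ]; then
  printf 'usage: %s DESTINATION_FILE\n' "${0##*/}" >&2
  exit 1
fi

## vcert values are in openssl.conf
CERTFILE="$1"

# 512-bit DH parameters are breakable with modest resources; 2048 is the
# usual minimum today. generation can take a while on slow hardware, which
# is why the size stays overridable through the environment.
DH_BITS="${DH_BITS:-2048}"

# the config file is expected to define OPENSSL_CONF_FILE
: "${OPENSSL_CONF_FILE:?not set in $CONF_FILE}"
if [ ! -f "$OPENSSL_CONF_FILE" ]; then
  printf '%s: %s not found\n' "${0##*/}" "$OPENSSL_CONF_FILE" >&2
  exit 2
fi

# unpredictable temp name plus cleanup on every exit path, instead of a
# fixed /tmp path that another local user could pre-create or symlink
TMP_FILE=$(mktemp /tmp/cryptobox-cert.XXXXXX)
trap 'rm -f -- "$TMP_FILE"' EXIT

# this command creates the certificate (key and cert go into the same file)
# -batch takes the subject values from the config file without prompting,
# so the five returns formerly piped in via the non-portable "echo -ne" are
# no longer needed
openssl req -new -x509 -nodes -batch -days 3650 \
  -config "$OPENSSL_CONF_FILE" -out "$CERTFILE" -keyout "$CERTFILE" </dev/null

# explicit in addition to the umask, in case the file already existed
chmod 600 "$CERTFILE"

# next step needs a lot of randomdata
dd if=/dev/urandom of="$TMP_FILE" bs=1024 count=1024
openssl dhparam -rand "$TMP_FILE" "$DH_BITS" >> "$CERTFILE"

#ln -sf ${CERTPATH}stunnel.pem ${CERTPATH}`openssl x509 -noout -hash < "${CERTPATH}stunnel.pem"`.0

## print out cert values
#openssl x509 -subject -dates -fingerprint -in stunnel.pem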