now qemu and ssh use local configurations
parent
e1dd6180a2
commit
546ce6e73c
@ -1,92 +0,0 @@
|
||||
#!/bin/sh
|
||||
set -u
|
||||
|
||||
## http://www2.goldfisch.at/knowledge/142 beschreibt's recht gut
|
||||
|
||||
|
||||
CA_DIR="CA/"
|
||||
# enthaelt das Verzeichnis "demoCA" (siehe unten: CA-Erzeugung)
|
||||
|
||||
KEYSIZE=1024
|
||||
CONFIG="openssl.conf"
|
||||
TIME="365"
|
||||
|
||||
TMPREQ="/tmp/mein-apache-cert.req"
|
||||
TMPRAN="/tmp/mein-apache-cert.random"
|
||||
CSR_FILE=$1.csr
|
||||
KEY_FILE1=$1-temp.key
|
||||
KEY_FILE2=$1.key
|
||||
CRT_FILE=$1.crt
|
||||
|
||||
|
||||
if test -z "$1";
|
||||
then echo "Syntax: $0 ZERTIFIKATS-DATEI [CA-Datei]"
|
||||
echo " (die Dateienedungen (key, csr, crt) werden automatisch angefuegt)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Erzeuge Zufallszahlen ..."
|
||||
echo "-----------------------------------------------"
|
||||
# erzeugt eine große menge an zufallszahlen abhängig von keysize
|
||||
dd if=/dev/urandom of=$TMPRAN bs=$KEYSIZE count=$KEYSIZE || exit 2
|
||||
sleep 1
|
||||
|
||||
echo -e "\nErzeuge den Schluessel ..."
|
||||
echo "-----------------------------------------------"
|
||||
openssl genrsa -rand $TMPRAN $KEYSIZE > $KEY_FILE1 || exit 3
|
||||
# z.B.: -des3 um Verschluesselung des Zertifikats zu aktivieren
|
||||
|
||||
# found that way in http://www.rpatrick.com/tech/makecert/
|
||||
openssl rsa -in $KEY_FILE1 -out $KEY_FILE2
|
||||
chmod go-rwx $KEY_FILE2
|
||||
|
||||
echo -e "\nErzeuge die X509-Informationen ..."
|
||||
echo "-----------------------------------------------"
|
||||
# wichtige parameter werden aus der config gelesen
|
||||
openssl req -new -x509 -key $KEY_FILE2 -config $CONFIG > $TMPREQ || exit 4
|
||||
#openssl req -new -x509 -key $KEY_FILE -config $CONFIG > $TMPREQ || exit 4
|
||||
chmod go-rwx $TMPREQ
|
||||
|
||||
echo -e "\nFuege das Zertifikat zusammen ..."
|
||||
echo "-----------------------------------------------"
|
||||
cat $TMPREQ $KEY_FILE2 >$CSR_FILE || exit 5
|
||||
chmod go-rwx $CSR_FILE
|
||||
|
||||
echo -e "\nLoesche temporaere Dateien ..."
|
||||
echo "-----------------------------------------------"
|
||||
rm $TMPRAN $TMPREQ $KEY_FILE1
|
||||
|
||||
echo -e "\nDie Signierungsanforderung $CSR_FILE wurde erzeugt!"
|
||||
|
||||
test -e "$CA_DIR" || exit 0
|
||||
|
||||
# nun wird per CA zertifiziert ...
|
||||
# die CA wird erstmalig durch das Skript CA.sh mit dem Parameter "-newca" erstellt
|
||||
|
||||
AKT_DIR=`pwd`
|
||||
|
||||
echo -e "\nDiese wird nun von der CA signiert ...\n"
|
||||
|
||||
echo "--kopiere"
|
||||
cp $CSR_FILE ${CA_DIR}newreq.pem
|
||||
|
||||
[ -f newcert.pem ] && rm newcert.pem
|
||||
echo "--signiere"
|
||||
openssl x509 -x509toreq -in ${CA_DIR}newreq.pem -days $TIME -signkey ${CA_DIR}newreq.pem -out ${CA_DIR}tmp.pem || exit 6
|
||||
echo "-signiere"
|
||||
openssl ca -config $CONFIG -policy policy_anything -days $TIME -out ${CA_DIR}newcert.pem -infiles ${CA_DIR}tmp.pem || exit 7
|
||||
echo "foo"
|
||||
[ -f tmp.pem ] && rm tmp.pem && echo "tmp.pem gloescht"
|
||||
|
||||
if [ ! -s newcert.pem ];
|
||||
then echo "Fehler: das neue Zertifikat wurde nicht erstellt!"
|
||||
exit 8
|
||||
fi
|
||||
|
||||
rm newreq.pem
|
||||
echo $AKT_DIR
|
||||
mv newcert.pem ${AKT_DIR}/$CRT_FILE || echo "fehla 9" && exit 9
|
||||
cd $AKT_DIR
|
||||
rm $CSR_FILE
|
||||
|
||||
echo -e "\nFertig!"
|
@ -0,0 +1,13 @@
|
||||
Host cryptobox
|
||||
|
||||
# change this part according to your needs
|
||||
HostName 192.168.0.23
|
||||
Port 22
|
||||
|
||||
# this should be valid for everyone
|
||||
User root
|
||||
CheckHostIP no
|
||||
StrictHostKeyChecking no
|
||||
|
||||
# nice for frequently changing server key due to a rebuild of the base system
|
||||
UserKnownHostsFile /tmp/cryptobox-ssh-known_hosts
|
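Review bot: `StrictHostKeyChecking no` combined with `User root` lets the client log in as root to whatever answers on 192.168.0.23 without verifying its host key. `UserKnownHostsFile /tmp/cryptobox-ssh-known_hosts` also keeps the recorded keys under a predictable name in a world-writable directory, where another local user can create or replace the file first. If the key only changes when the base system is rebuilt, a per-user file such as `UserKnownHostsFile ~/.ssh/cryptobox-known_hosts` with `StrictHostKeyChecking accept-new` (OpenSSH 7.6 or later) still avoids the prompt on first contact, and deleting that one file after a rebuild resets it. If the relaxed settings are kept, a comment such as `# development box on a trusted network only: host key is not verified` above them would make the trade-off explicit.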