lars
87af175764
disabled 'help' plugin for now enabled some ownership checks in CryptoBoxRootActions documentation updates for proxy and ssl configurations
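#!/bin/sh
#
# This script creates a self-signed certificate for stunnel and then starts
# a TLS tunnel that listens on port 443 and forwards the decrypted traffic
# to localhost:8080. It's meant as an example, so use it with care.
#
# An example for the openssl config file can be found in
# conf-examples/openssl.cnf .
#
# Usage: <this script> OPENSSL_CONF_FILE CERT_FILE
#
# Security notes:
#  - CERT_FILE ends up holding the certificate, the *unencrypted* private key
#    (openssl req -nodes) and the DH parameters. Keep it readable by its
#    owner only and never publish it.
#  - The certificate is self-signed and valid for ten years (-days 3650);
#    clients cannot verify it unless they pin or import it.
#  - Listening on port 443 normally requires root, so every file this script
#    writes must be created safely (see the mktemp/umask handling below).
#

set -eu

PROG=${0##*/}

if [ "$#" -ne 2 ]; then
  echo "Usage: $PROG OPENSSL_CONF_FILE CERT_FILE" >&2
  exit 1
fi

## cert values are in openssl.conf
#OPENSSL_CONF_FILE="../conf-examples/openssl.cnf"
OPENSSL_CONF_FILE="$1"
## filename for the created cert
#CERTFILE="cryptobox.cert"
CERTFILE="$2"
## source & destination ports
## SRC_PORT is the local plaintext service stunnel connects to (-r),
## DST_PORT is the TLS port stunnel listens on (-d).
SRC_PORT="8080"
DST_PORT="443"
## size of the Diffie-Hellman parameters appended to the cert file.
## 512-bit parameters are too small to protect DHE key exchanges, so the
## example uses 2048 bits; generating them takes noticeably longer.
DH_BITS="2048"

if [ ! -f "$OPENSSL_CONF_FILE" ]; then
  echo "$PROG: $OPENSSL_CONF_FILE not found" >&2
  exit 2
fi

# Scratch file for the random seed. A fixed name in /tmp could be pre-created
# (or symlinked) by another local user before this script writes to it, so
# let mktemp pick an unpredictable name and create it with mode 0600.
TMP_FILE=$(mktemp "${TMPDIR:-/tmp}/cryptobox-cert.XXXXXX")
# remove the scratch file on every exit path, including failures under set -e
trap 'rm -f "$TMP_FILE"' EXIT

# this command creates the certificate
# the "\n" are required, because the certbuilding asks for 5 returns
# (printf instead of "echo -ne", which is not portable under /bin/sh)
# The restrictive umask is set *before* openssl writes the private key, so
# the key is never world-readable, not even for the moment before chmod runs.
# It is limited to a subshell so that stunnel keeps the caller's umask.
(
  umask 077
  printf '\n\n\n\n\n' | openssl req -new -x509 -nodes -days 3650 \
    -config "$OPENSSL_CONF_FILE" -out "$CERTFILE" -keyout "$CERTFILE"
)
# still needed if CERTFILE already existed with wider permissions
chmod 600 "$CERTFILE"

# next step needs a lot of randomdata
dd if=/dev/urandom of="$TMP_FILE" bs=1024 count=1024
openssl dhparam -rand "$TMP_FILE" "$DH_BITS" >> "$CERTFILE"
rm -f "$TMP_FILE"

## print out cert values
#openssl x509 -subject -dates -fingerprint -in "$CERTFILE"

# -p: PEM file with key and certificate, -r: service to forward to,
# -d: port to accept TLS connections on.
# Traffic between stunnel and localhost:SRC_PORT is not encrypted.
stunnel -p "${CERTFILE}" -r "localhost:${SRC_PORT}" -d "${DST_PORT}"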