48 lines
1.5 KiB
Bash
Executable File
48 lines
1.5 KiB
Bash
Executable File
#!/bin/sh
|
|
#
|
|
# Copyright (c) 02005 sense.lab <senselab@systemausfall.org>
|
|
#
|
|
# License: This script is distributed under the terms of version 2
|
|
# of the GNU GPL. See the LICENSE file included with the package.
|
|
#
|
|
# $Id$
|
|
#
|
|
# this script creates the stunnel certificate for https
|
|
#
|
|
# parameter: "destination file"
|
|
#
|
|
# called by:
|
|
# - cbox-manage.sh during network-up if no certificate was found on the config partition
|
|
#
|
|
|
|
set -eu
|
|
|
|
# read the default setting file, if it exists
|
|
[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox
|
|
|
|
# set CONF_FILE to default value, if not configured in /etc/default/cryptobox
|
|
CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf}
|
|
# parse config file
|
|
. "$CONF_FILE"
|
|
|
|
|
|
# vcert values are in OPENSSL_CONF_FILE
|
|
CERTFILE="$1"
|
|
TMP_FILE=/tmp/cryptobox-cert.tmp
|
|
|
|
[ ! -f "$OPENSSL_CONF_FILE" ] && echo "`basename $0`: $OPENSSL_CONF_FILE not found" && exit 2
|
|
# this command creates the certificate
|
|
# this is required, because the certbuilding asks for 5 returns
|
|
echo -ne "\n\n\n\n\n" | openssl req -new -x509 -nodes -days 3650 -config "$OPENSSL_CONF_FILE" -out "$CERTFILE" -keyout "$CERTFILE"
|
|
chmod 600 "$CERTFILE"
|
|
|
|
# next step needs a lot of randomdata
|
|
dd if=/dev/urandom of="$TMP_FILE" bs=1024 count=1024
|
|
openssl dhparam -rand "$TMP_FILE" 512 >> "$CERTFILE"
|
|
rm "$TMP_FILE"
|
|
|
|
#ln -sf ${CERTPATH}stunnel.pem ${CERTPATH}`openssl x509 -noout -hash < "${CERTPATH}stunnel.pem"`.0
|
|
|
|
## print out cert values
|
|
#openssl x509 -subject -dates -fingerprint -in stunnel.pem
|