#! /bin/sh
apa=/etc/apache
support=/usr/share/apache/mod_ssl
# Ask for the certificate type and key algorithm, then hand both to
# mod_ssl's mkcert.sh, which writes the resulting files under $apa.
# As the menu text says, dummy and test (Snake Oil) certificates are for
# packaging and testing only; a real server needs custom or existing.
makecert()
{
    echo "What type of certificate do you want to create?"
    echo
    echo " 1. dummy (dummy self-signed Snake Oil cert)"
    echo " 2. test (test cert signed by Snake Oil CA)"
    echo " 3. custom (custom cert signed by own CA)"
    echo " 4. existing (existing cert)"
    echo
    echo
    echo "Use dummy when you are a vendor package maintainer,"
    echo " test when you are an admin but want to do tests only,"
    echo " custom when you are an admin willing to run a real server"
    echo " existing when you are an admin who upgrades a server."
    echo
    echo "Normally you would choose 2."
    echo
    printf "your choice: "
    TYPE=""
    while read -r ans; do
        case "$ans" in
            1) TYPE=dummy ;;
            2) TYPE=test ;;
            3) TYPE=custom ;;
            4) TYPE=existing ;;
        esac
        [ "$TYPE" ] && break || echo "your choice is not valid, please enter a number"
        printf "> "
    done
    # read fails at end of input; stop rather than call mkcert.sh without a type
    [ "$TYPE" ] || return 1
    echo "Which algorithm should be used to generate required key(s)?"
    echo
    echo " 1. RSA"
    echo " 2. DSA"
    echo
    echo "Normally you would choose 1."
    echo
    printf "your choice: "
    ALGO=""
    while read -r ans; do
        case "$ans" in
            1) ALGO=RSA ;;
            2) ALGO=DSA ;;
        esac
        [ "${ALGO}" ] && break || echo "your choice is not valid, please enter a number"
        printf "> "
    done
    # same end-of-input guard for the algorithm
    [ "${ALGO}" ] || return 1
    # quoted so that every argument keeps its position in mkcert.sh's argument list
    "${support}/mkcert.sh" make "" openssl "${support}" "${TYPE}" "${ALGO}" "" "" "" "${apa}"
    rm -rf .mkcert.serial
}
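# Report existing files for certificate name $1 and ask before they are
# overwritten. Returns 0 to proceed, 1 to keep the existing files.
overwrite()
{
    seen=
    for i in crt csr key prm; do
        # directories are created with the current umask; check the mode of ssl.key
        mkdir -p "$apa/ssl.$i"
        [ ! -f "$apa/ssl.$i/$1.$i" ] && continue
        echo "$apa/ssl.$i/$1.$i: already present"
        seen=yes
    done
    [ ! "$seen" ] && return 0
    echo
    if [ "$1" = server ]; then
        line=""
    else
        line="for $1"
    fi
    printf "Do you really want to overwrite the existing "
    printf "certificate %s? [y/N]: " "$line"
    read -r ans
    case "$ans" in
        y*|Y*)
            ret=0
            ;;
        *)
            # anything but an explicit yes keeps the existing files
            ret=1
            echo
            ;;
    esac
    return $ret
}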
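# Prompt for a certificate name (default "server") until overwrite() accepts it.
# The name becomes part of a file name under $apa/ssl.*, so it is passed
# quoted to keep spaces and glob characters from being expanded.
askwhere()
{
    echo
    echo "Enter the name for this certificate. The files will get"
    echo "stored as $apa/ssl.{crt,csr,key}/server.{crt,csr,key}."
    echo "The default is \"server\"."
    echo
    done=
    while [ ! "$done" ]; do
        printf "certificate name [server]> "
        read -r name
        [ "$name" = "" ] && name=server
        echo
        overwrite "$name" && break
    done
}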
#askwhere
overwrite server || exit 1
makecert