#! /bin/sh
# defaults
name=server
ca=ca
apa=/etc/apache
# command line overrides
[ -n "$1" ] && name=$1
[ -n "$2" ] && ca=$2
[ -n "$3" ] && apa=$3
# do not touch this!
support=/usr/share/apache/mod_ssl
seen=
# create the ssl.* directories and note any files that already exist for $name
for i in crt csr key prm; do
    mkdir -p "$apa/ssl.$i"
    [ ! -f "$apa/ssl.$i/$name.$i" ] && continue
    echo "$apa/ssl.$i/$name.$i: already present"
    seen=yes
done
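# ask for confirmation before overwriting an existing certificate or key
if [ -n "$seen" ]; then
    echo
    echo -n "Do you really want to overwrite the existing "
    echo -n "certificate for $name? [y/N]: "
    read ans
    # quote the answer so that input such as "*" is not glob-expanded
    ans=`echo "$ans" | tr A-Z a-z`
    case "$ans" in
        y|yes)
            echo
            ;;
        *)
            echo
            exit 1
            ;;
    esac
fi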
echo "What type of certificate do you want to create?"
echo
echo " 1. dummy (dummy self-signed Snake Oil cert)"
echo " 2. test (test cert signed by Snake Oil CA)"
echo " 3. custom (custom cert signed by own CA)"
echo " 4. existing (existing cert)"
echo
echo
echo "Use dummy when you are a vendor package maintainer,"
echo " test when you are an admin but want to do tests only,"
echo " custom when you are an admin willing to run a real server"
echo " existing when you are an admin who upgrades a server."
echo
echo "Normally you would choose 2."
echo
echo -n "your choice: "
type=""
while read ans; do
    case "$ans" in
        1) type=dummy ;;
        2) type=test ;;
        3) type=custom ;;
        4) type=existing ;;
    esac
    [ "$type" ] && break || echo "your choice is not valid, please enter a number"
    echo -n "your choice: "
done
crt=
key=
algo=
if [ "$type" = "existing" ]; then
    # existing certificate: ask for its location and, optionally, its key
    echo -n "Type the file name of your certificate: "
    crt=""
    # read -r keeps backslashes in the path as typed
    while read -r crt; do
        [ "$crt" ] && break || echo "your choice is not valid, please enter a file name"
        echo -n "Type the file name of your certificate: "
    done
    echo -n "Type the full path name of your key (if any), otherwise press enter: "
    key=
    read -r key
else
    # new certificate: ask which key algorithm to use
    echo "Which algorithm should be used to generate required key(s)?"
    echo
    echo " 1. RSA"
    echo " 2. DSA"
    echo
    echo "Normally you would choose 1."
    echo
    echo -n "your choice: "
    algo=""
    while read ans; do
        case "$ans" in
            1) algo=rsa ;;
            2) algo=dsa ;;
        esac
        [ "${algo}" ] && break || echo "your choice is not valid, please enter a number"
        echo -n "your choice: "
    done
fi
view=
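# every argument is quoted so that an empty value or a path containing
# whitespace cannot shift the positional parameters seen by mkcert.sh
"${support}/mkcert.sh" openssl "${support}" "${type}" "${algo}" "${crt}" "${key}" "${view}" "${apa}" "${name}" "${ca}"
# remove the serial file left in the current directory
rm -rf .mkcert.serial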