Changes

563 bytes removed ,  12:16, 21 January 2011
Undo revision 15309 by Unnilennium (Talk)
Line 20: Line 20:  
  use esmith::DomainsDB;
 
  use esmith::DomainsDB;
 
   
 
   
# variable to edit
  −
my keycrypt = 2048;
  −
my KEYLIFEINDAYS = 730;
  −
my COUNTRYCODE = US;  ## <====== change to your country code !
  −
# end of modifications
  −
   
  my $config  = esmith::ConfigDB->open;
 
  my $config  = esmith::ConfigDB->open;
 
  my $domainsdb = esmith::DomainsDB->open_ro;
 
  my $domainsdb = esmith::DomainsDB->open_ro;
Line 36: Line 30:  
  open(CONFIG, ">$domains[0].config") or die "Can't open openssl config file: $!";
 
  open(CONFIG, ">$domains[0].config") or die "Can't open openssl config file: $!";
 
  print CONFIG "HOME = .\nRANDFILE = \$ENV::HOME/.rnd\n\n";
 
  print CONFIG "HOME = .\nRANDFILE = \$ENV::HOME/.rnd\n\n";
  print CONFIG "[ req ]\ndefault_bits = $keycrypt\ndistinguished_name = req_distinguished_name\n";
+
  print CONFIG "[ req ]\ndefault_bits = 1024\ndistinguished_name = req_distinguished_name\n";
 
  # if you need a SHA1 csr, uncomment the following row
 
  # if you need a SHA1 csr, uncomment the following row
 
  #print CONFIG "default_md  = sha1\n";
 
  #print CONFIG "default_md  = sha1\n";
 
  print CONFIG "req_extensions = v3_req\nprompt = no\n\n";
 
  print CONFIG "req_extensions = v3_req\nprompt = no\n\n";
  print CONFIG "[ req_distinguished_name ]\nCN = $domains[0]\n";
+
  print CONFIG "[ req_distinguished_name ]\nCN = $domains[0]\n\n";
print CONFIG "countryName = $COUNTRYCODE\n";
   
  print CONFIG "[ v3_req ]\nbasicConstraints = CA:FALSE\nkeyUsage = nonRepudiation,digitalSignature,keyEncipherment\n";
 
  print CONFIG "[ v3_req ]\nbasicConstraints = CA:FALSE\nkeyUsage = nonRepudiation,digitalSignature,keyEncipherment\n";
 
  print CONFIG "subjectAltName = critical,", join ",", map { "DNS:$_,DNS:*.$_" } @domains;
 
  print CONFIG "subjectAltName = critical,", join ",", map { "DNS:$_,DNS:*.$_" } @domains;
Line 66: Line 59:  
                 /proc/uptime
 
                 /proc/uptime
 
                 )),
 
                 )),
             $keycrypt)
+
             '1024')
 
             || die "can't exec program: $!";
 
             || die "can't exec program: $!";
 
     }
 
     }
Line 83: Line 76:  
         qw(req -config), "$domains[0].config",
 
         qw(req -config), "$domains[0].config",
 
         qw(-new -key), "$domains[0].key",
 
         qw(-new -key), "$domains[0].key",
         qw(-days $KEYLIFEINDAYS -set_serial), time())
+
         qw(-days 730 -set_serial), time())
 
         || die "can't exec program: $!";
 
         || die "can't exec program: $!";
 
  }
 
  }
Line 97: Line 90:  
*Change permissions
 
*Change permissions
 
  chmod u+x cacert_csr_request
 
  chmod u+x cacert_csr_request
  −
* change the variable values you need !
      
*Execute the file
 
*Execute the file
Line 104: Line 95:     
From here replace the <b>{domain}</b> tag with your Primary domain name. Also you will need to have all domains registered with your cacert.org account. This will create a certificate that includes all domains that exists on your sme box as both simple domain.com and wildcard *.domain.com.
 
From here replace the <b>{domain}</b> tag with your Primary domain name. Also you will need to have all domains registered with your cacert.org account. This will create a certificate that includes all domains that exists on your sme box as both simple domain.com and wildcard *.domain.com.
  −
== footnotes==
  −
  −
this script is helpfull but incomplete. Some configuratiosn info are missing in order to obtain a cert from some CA authorities (http://www.flatmtn.com/article/setting-openssl-create-certificates) .Some of the informations must are missing in the smeserver database like countrycode ...
      
== obtain .crt file from cacert==
 
== obtain .crt file from cacert==
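Review bot: The restored `default_bits = 1024` in the `[ req ]` line of the second hunk and the literal `'1024'` in the third hunk leave the script producing a 1024-bit RSA key, which is below the 2048-bit minimum that current guidance and public CAs expect. Both literals should be raised together, e.g. `print CONFIG "[ req ]\ndefault_bits = 2048\ndistinguished_name = req_distinguished_name\n";` and `'2048')`. The call that receives `'1024'` begins outside the visible hunk, so this assumes that argument is the key size passed to the key-generation command. A short comment above each literal, such as `# RSA modulus size in bits; keep in step with default_bits in the openssl config`, would help the two values stay consistent when one is edited.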
