3,299
edits
Changes
From SME Server
Jump to navigationJump to search→creating .csr and .key files
Line 19:
Line 19:
+
'1024')+
use esmith::ConfigDB;
use esmith::ConfigDB;
use esmith::DomainsDB;
use esmith::DomainsDB;
+ # variable to edit
+ my $keycrypt = 2048;
+ my $KEYLIFEINDAYS = 730;
+ my $COUNTRYCODE = "US"; ## <===================== change to your country code !
+ # end of modifications
my $config = esmith::ConfigDB->open;
my $config = esmith::ConfigDB->open;
Line 30:
Line 36:
open(CONFIG, ">$domains[0].config") or die "Can't open openssl config file: $!";
open(CONFIG, ">$domains[0].config") or die "Can't open openssl config file: $!";
print CONFIG "HOME = .\nRANDFILE = \$ENV::HOME/.rnd\n\n";
print CONFIG "HOME = .\nRANDFILE = \$ENV::HOME/.rnd\n\n";
− print CONFIG "[ req ]\ndefault_bits = 1024\ndistinguished_name = req_distinguished_name\n";
+ print CONFIG "[ req ]\ndefault_bits = $keycrypt\ndistinguished_name = req_distinguished_name\n";
# if you need a SHA1 csr, uncomment the following row
# if you need a SHA1 csr, uncomment the following row
#print CONFIG "default_md = sha1\n";
#print CONFIG "default_md = sha1\n";
print CONFIG "req_extensions = v3_req\nprompt = no\n\n";
print CONFIG "req_extensions = v3_req\nprompt = no\n\n";
− print CONFIG "[ req_distinguished_name ]\nCN = $domains[0]\n\n";
+ print CONFIG "[ req_distinguished_name ]\nCN = $domains[0]\n";
+ print CONFIG "countryName = $COUNTRYCODE\n";
print CONFIG "[ v3_req ]\nbasicConstraints = CA:FALSE\nkeyUsage = nonRepudiation,digitalSignature,keyEncipherment\n";
print CONFIG "[ v3_req ]\nbasicConstraints = CA:FALSE\nkeyUsage = nonRepudiation,digitalSignature,keyEncipherment\n";
print CONFIG "subjectAltName = critical,", join ",", map { "DNS:$_,DNS:*.$_" } @domains;
print CONFIG "subjectAltName = critical,", join ",", map { "DNS:$_,DNS:*.$_" } @domains;
print CONFIG "\n";
print CONFIG "\n";
close(CONFIG) or die "Closing openssl config file reported: $!";
close(CONFIG) or die "Closing openssl config file reported: $!";
+ unless ( -f "$domains[0].key" )
unless ( -f "$domains[0].key" )
Line 59:
Line 67:
/proc/uptime
/proc/uptime
)),
)),
− $keycrypt)
|| die "can't exec program: $!";
|| die "can't exec program: $!";
}
}
Line 76:
Line 84:
qw(req -config), "$domains[0].config",
qw(req -config), "$domains[0].config",
qw(-new -key), "$domains[0].key",
qw(-new -key), "$domains[0].key",
− qw(-days 730 -set_serial), time())
+ qw(-days $KEYLIFEINDAYS -set_serial), time())
|| die "can't exec program: $!";
|| die "can't exec program: $!";
}
}
Line 87:
Line 95:
+* modify the 3 variables in the script according to your needs
+ # variable to edit
+ my $keycrypt = 2048; #<= must be a 1024 multiple; some CA authorities ask for at least 2048
+ my $KEYLIFEINDAYS = 730; # <= validity of the Certificate in days must be greater (or at least equal)than the validity of the one you are buying
+ my $COUNTRYCODE = "US"; ## <===================== change to your country code !
+ # end of modifications
*Change permissions
*Change permissions
Line 95:
Line 109:
From here replace the <b>{domain}</b> tag with your Primary domain name. Also you will need to have all domains registered with your cacert.org account. This will create a certificate that includes all domains that exists on your sme box as both simple domain.com and wildcard *.domain.com.
From here replace the <b>{domain}</b> tag with your Primary domain name. Also you will need to have all domains registered with your cacert.org account. This will create a certificate that includes all domains that exists on your sme box as both simple domain.com and wildcard *.domain.com.
+
+===footnotes===
+
+This script is helpful but incomplete. Some configurations info are missing in order to obtain a cert from some CA Authorities (http://www.flatmtn.com/article/setting-openssl-create-certificates) .Some of the information needed are missing in the smeserver database like countrycode you have to insert them in the code for the moment...
== obtain .crt file from cacert==
== obtain .crt file from cacert==
