Line 20: |
Line 20: |
| use esmith::DomainsDB; | | use esmith::DomainsDB; |
| | | |
| + | # variable to edit |
| + | my keycrypt = 2048; |
| + | my KEYLIFEINDAYS = 730; |
| + | my COUNTRYCODE = US; ## <====== change to your country code ! |
| + | # end of modifications |
| + | |
| my $config = esmith::ConfigDB->open; | | my $config = esmith::ConfigDB->open; |
| my $domainsdb = esmith::DomainsDB->open_ro; | | my $domainsdb = esmith::DomainsDB->open_ro; |
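Review bot: The three new declarations will not compile as written: `my keycrypt`, `my KEYLIFEINDAYS` and `my COUNTRYCODE` lack the `$` sigil, and `US` is an unquoted bareword, while the later hunks read these names as `$keycrypt`, `$COUNTRYCODE` and `$KEYLIFEINDAYS`. They should read `my $keycrypt = 2048;`, `my $KEYLIFEINDAYS = 730;` and `my $COUNTRYCODE = 'US';`. Since the value ends up in the openssl `countryName` field, a short comment such as `# two-letter ISO 3166-1 country code` next to it would tell the user what is expected, and the three sibling constants would be easier to read if they shared one naming convention instead of mixing `keycrypt` with ALL_CAPS.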
Line 30: |
Line 36: |
| open(CONFIG, ">$domains[0].config") or die "Can't open openssl config file: $!"; | | open(CONFIG, ">$domains[0].config") or die "Can't open openssl config file: $!"; |
| print CONFIG "HOME = .\nRANDFILE = \$ENV::HOME/.rnd\n\n"; | | print CONFIG "HOME = .\nRANDFILE = \$ENV::HOME/.rnd\n\n"; |
− | print CONFIG "[ req ]\ndefault_bits = 1024\ndistinguished_name = req_distinguished_name\n"; | + | print CONFIG "[ req ]\ndefault_bits = $keycrypt\ndistinguished_name = req_distinguished_name\n"; |
| # if you need a SHA1 csr, uncomment the following row | | # if you need a SHA1 csr, uncomment the following row |
| #print CONFIG "default_md = sha1\n"; | | #print CONFIG "default_md = sha1\n"; |
| print CONFIG "req_extensions = v3_req\nprompt = no\n\n"; | | print CONFIG "req_extensions = v3_req\nprompt = no\n\n"; |
− | print CONFIG "[ req_distinguished_name ]\nCN = $domains[0]\n\n"; | + | print CONFIG "[ req_distinguished_name ]\nCN = $domains[0]\n"; |
| + | print CONFIG "countryName = $COUNTRYCODE\n"; |
| print CONFIG "[ v3_req ]\nbasicConstraints = CA:FALSE\nkeyUsage = nonRepudiation,digitalSignature,keyEncipherment\n"; | | print CONFIG "[ v3_req ]\nbasicConstraints = CA:FALSE\nkeyUsage = nonRepudiation,digitalSignature,keyEncipherment\n"; |
| print CONFIG "subjectAltName = critical,", join ",", map { "DNS:$_,DNS:*.$_" } @domains; | | print CONFIG "subjectAltName = critical,", join ",", map { "DNS:$_,DNS:*.$_" } @domains; |
Line 59: |
Line 66: |
| /proc/uptime | | /proc/uptime |
| )), | | )), |
− | '1024') | + | $keycrypt) |
| || die "can't exec program: $!"; | | || die "can't exec program: $!"; |
| } | | } |
Line 76: |
Line 83: |
| qw(req -config), "$domains[0].config", | | qw(req -config), "$domains[0].config", |
| qw(-new -key), "$domains[0].key", | | qw(-new -key), "$domains[0].key", |
− | qw(-days 730 -set_serial), time()) | + | qw(-days $KEYLIFEINDAYS -set_serial), time()) |
| || die "can't exec program: $!"; | | || die "can't exec program: $!"; |
| } | | } |
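Review bot: `qw(-days $KEYLIFEINDAYS -set_serial)` does not interpolate variables, so openssl is handed the literal string `$KEYLIFEINDAYS` as the `-days` argument instead of the configured number and the request fails. Pass the variable as its own list element: `qw(-days), $KEYLIFEINDAYS, qw(-set_serial), time())`. The enclosing block starts outside the hunk, so this assumes `$KEYLIFEINDAYS` is in scope at this point.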
Line 90: |
Line 97: |
| *Change permissions | | *Change permissions |
| chmod u+x cacert_csr_request | | chmod u+x cacert_csr_request |
| + | |
| + | * change the variable values you need ! |
| | | |
| *Execute the file | | *Execute the file |
Line 95: |
Line 104: |
| | | |
| From here replace the <b>{domain}</b> tag with your Primary domain name. Also you will need to have all domains registered with your cacert.org account. This will create a certificate that includes all domains that exists on your sme box as both simple domain.com and wildcard *.domain.com. | | From here replace the <b>{domain}</b> tag with your Primary domain name. Also you will need to have all domains registered with your cacert.org account. This will create a certificate that includes all domains that exists on your sme box as both simple domain.com and wildcard *.domain.com. |
| + | |
| + | == footnotes== |
| + | |
| + | this script is helpfull but incomplete. Some configuratiosn info are missing in order to obtain a cert from some CA authorities (http://www.flatmtn.com/article/setting-openssl-create-certificates) .Some of the informations must are missing in the smeserver database like countrycode ... |
| | | |
| == obtain .crt file from cacert== | | == obtain .crt file from cacert== |