2,411
edits
Changes
Jump to navigation
Jump to search
Line 20:
Line 20: − # variable to edit − my keycrypt = 2048; − my KEYLIFEINDAYS = 730; − my COUNTRYCODE = US; ## <====== change to your country code ! − # end of modifications − Line 36:
Line 30: − + − + − print CONFIG "countryName = $COUNTRYCODE\n"; Line 66:
Line 59: − $keycrypt) + Line 83:
Line 76: − + Line 97:
Line 90: − − * change the variable values you need ! Line 104:
Line 95: − − == footnotes== − − this script is helpfull but incomplete. Some configuratiosn info are missing in order to obtain a cert from some CA authorities (http://www.flatmtn.com/article/setting-openssl-create-certificates) .Some of the informations must are missing in the smeserver database like countrycode ...
Undo revision 15309 by Unnilennium (Talk)
use esmith::DomainsDB;
use esmith::DomainsDB;
my $config = esmith::ConfigDB->open;
my $config = esmith::ConfigDB->open;
my $domainsdb = esmith::DomainsDB->open_ro;
my $domainsdb = esmith::DomainsDB->open_ro;
open(CONFIG, ">$domains[0].config") or die "Can't open openssl config file: $!";
open(CONFIG, ">$domains[0].config") or die "Can't open openssl config file: $!";
print CONFIG "HOME = .\nRANDFILE = \$ENV::HOME/.rnd\n\n";
print CONFIG "HOME = .\nRANDFILE = \$ENV::HOME/.rnd\n\n";
print CONFIG "[ req ]\ndefault_bits = $keycrypt\ndistinguished_name = req_distinguished_name\n";
print CONFIG "[ req ]\ndefault_bits = 1024\ndistinguished_name = req_distinguished_name\n";
# if you need a SHA1 csr, uncomment the following row
# if you need a SHA1 csr, uncomment the following row
#print CONFIG "default_md = sha1\n";
#print CONFIG "default_md = sha1\n";
print CONFIG "req_extensions = v3_req\nprompt = no\n\n";
print CONFIG "req_extensions = v3_req\nprompt = no\n\n";
print CONFIG "[ req_distinguished_name ]\nCN = $domains[0]\n";
print CONFIG "[ req_distinguished_name ]\nCN = $domains[0]\n\n";
print CONFIG "[ v3_req ]\nbasicConstraints = CA:FALSE\nkeyUsage = nonRepudiation,digitalSignature,keyEncipherment\n";
print CONFIG "[ v3_req ]\nbasicConstraints = CA:FALSE\nkeyUsage = nonRepudiation,digitalSignature,keyEncipherment\n";
print CONFIG "subjectAltName = critical,", join ",", map { "DNS:$_,DNS:*.$_" } @domains;
print CONFIG "subjectAltName = critical,", join ",", map { "DNS:$_,DNS:*.$_" } @domains;
/proc/uptime
/proc/uptime
)),
)),
'1024')
|| die "can't exec program: $!";
|| die "can't exec program: $!";
}
}
qw(req -config), "$domains[0].config",
qw(req -config), "$domains[0].config",
qw(-new -key), "$domains[0].key",
qw(-new -key), "$domains[0].key",
qw(-days $KEYLIFEINDAYS -set_serial), time())
qw(-days 730 -set_serial), time())
|| die "can't exec program: $!";
|| die "can't exec program: $!";
}
}
*Change permissions
*Change permissions
chmod u+x cacert_csr_request
chmod u+x cacert_csr_request
*Execute the file
*Execute the file
From here replace the <b>{domain}</b> tag with your Primary domain name. Also you will need to have all domains registered with your cacert.org account. This will create a certificate that includes all domains that exists on your sme box as both simple domain.com and wildcard *.domain.com.
From here replace the <b>{domain}</b> tag with your Primary domain name. Also you will need to have all domains registered with your cacert.org account. This will create a certificate that includes all domains that exists on your sme box as both simple domain.com and wildcard *.domain.com.
== obtain .crt file from cacert==
== obtain .crt file from cacert==