#!/bin/sh
##
## gencert.sh -- Create self-signed test certificate
## Christian Zoffoli <czoffoli@linux-mandrake.com>
## Version 0.2 - 20010501
##
##
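### external tools
openssl="/usr/bin/openssl"
### some optional terminal sequences
# T_MD switches the terminal to bold (ESC [ 1 m) and T_ME resets the
# attributes (ESC [ m); both are used only to decorate the banners below.
case $TERM in
  xterm*|vt220*)
    T_MD=$(echo dummy | awk '{ printf("%c%c%c%c", 27, 91, 49, 109); }')
    T_ME=$(echo dummy | awk '{ printf("%c%c%c", 27, 91, 109); }')
    ;;
  vt100*)
    # The awk programs append NUL padding bytes after the sequence; bash
    # discards NUL bytes in command substitution, so the stored value is the
    # bare escape sequence.
    T_MD=$(echo dummy | awk '{ printf("%c%c%c%c%c%c", 27, 91, 49, 109, 0, 0); }')
    T_ME=$(echo dummy | awk '{ printf("%c%c%c%c%c", 27, 91, 109, 0, 0); }')
    ;;
  *)
    # Fallback for every other (or an unset) TERM. The pattern has to be the
    # `*` wildcard: a literal `default` only matches TERM=default, which
    # leaves T_MD/T_ME to whatever the caller's environment contains.
    T_MD=''
    T_ME=''
    ;;
esac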
# Collect extra seed files for `openssl -rand` as a colon-separated list.
# (/dev/random is deliberately not used here, because that device does not
# behave as expected on every platform.)
# NOTE(review): these files are typically world-readable and change little,
# so they contribute very little entropy; treat them as a supplement to
# OpenSSL's own seeding, not as the seed -- confirm the target OpenSSL build
# seeds itself from the OS.
randfiles=''
for candidate in \
  /var/log/messages /var/adm/messages \
  /kernel /vmunix /vmlinuz \
  /etc/hosts /etc/resolv.conf
do
  # Only regular files that exist on this host are listed.
  [ -f "$candidate" ] || continue
  # ${var:+...} emits the ':' separator only once the list is non-empty.
  randfiles="${randfiles:+${randfiles}:}$candidate"
done
# Start-up banner: one printf call, one argument per output line. T_MD and
# T_ME wrap the banner in the optional bold-on / attributes-off sequences.
printf '%s\n' \
  "" \
  "${T_MD}" \
  "----------------------------------------------------------------------" \
  "Create self-signed test certificate" \
  "" \
  "Christian Zoffoli <czoffoli@linux-mandrake.com> " \
  "Version 0.2 - 20010501" \
  "" \
  "" \
  "______________________________________________________________________${T_ME}" \
  "" \
  ""
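### refuse to overwrite an existing certificate/key file
# -L also catches a dangling symlink, which -e reports as "missing".
if [ -e ./ldap.pem ] || [ -L ./ldap.pem ]; then
  echo "ldap.pem already exist, dying" 1>&2
  # A bare `exit` would hand back the status of the echo above (0), so a
  # caller could not tell this refusal from a successful run.
  exit 1
fi
echo "Will create ldap.pem in $(pwd)"

### private scratch directory
# The unencrypted private key is generated here, so the directory must not
# be guessable or pre-creatable by another local user. mktemp -d creates a
# new directory with an unpredictable name; `mkdir -p /tmp/tmpssl-$$` would
# silently accept a directory or symlink that somebody else had already
# placed under that name. umask 077 keeps every file created below private.
umask 077
tmpdir=$(mktemp -d "${TMPDIR:-/tmp}/tmpssl.XXXXXX") || {
  echo "Error: Failed to create temporary directory" 1>&2
  exit 1
}
# Remove the scratch directory (and the key copy in it) on every exit path.
trap 'rm -rf -- "$tmpdir"' EXIT
trap 'exit 1' HUP INT TERM

echo ""
echo ""
echo "${T_MD}Generating Certificate "
echo "______________________________________________________________________${T_ME}"
echo ""

### defaults offered at the openssl prompts
COMMONNAME=$(hostname)
if [ -z "$COMMONNAME" ]; then
  COMMONNAME="www.openldap.org"
fi
#. /etc/sysconfig/i18n
# Keep a COUNTRY supplied by the caller; otherwise take the territory part
# of $LANG (it_IT.UTF-8@euro -> IT). Testing `-n "$COUNTRY"` before deriving
# the value meant the LANG branch ran only when COUNTRY was already set.
if [ -z "$COUNTRY" ]; then
  COUNTRY=$(echo "$LANG" | sed -e "s/.*_//;s/@.*//;s/\..*//;s/_.*//" | tr 'a-z' 'A-Z')
fi
# countryName_min/_max below require exactly two characters; anything else
# (for example LANG=C) falls back to US. This also keeps quotes and other
# config syntax out of the value interpolated into the file.
case $COUNTRY in
  [A-Z][A-Z]) ;;
  *) COUNTRY="US" ;;
esac

# default_bits is 2048: a 1024-bit RSA key is below what current TLS stacks
# and security policies accept, even for a test certificate.
cat >"$tmpdir/.cfg" <<EOT
[ req ]
default_bits = 2048
distinguished_name = req_DN
RANDFILE = ca.rnd
[ req_DN ]
countryName = "1. Country Name (2 letter code)"
countryName_default = "$COUNTRY"
countryName_min = 2
countryName_max = 2
stateOrProvinceName = "2. State or Province Name (full name) "
stateOrProvinceName_default = ""
localityName = "3. Locality Name (eg, city) "
localityName_default = ""
0.organizationName = "4. Organization Name (eg, company) "
0.organizationName_default = "LDAP Server"
organizationalUnitName = "5. Organizational Unit Name (eg, section) "
organizationalUnitName_default = "For testing purposes only"
commonName = "6. Common Name (eg, CA name) "
commonName_max = 64
commonName_default = "$COMMONNAME"
emailAddress = "7. Email Address (eg, name@FQDN)"
emailAddress_max = 40
emailAddress_default = ""
EOT

### generate key and self-signed certificate into $tmpdir/ldap.pem
# The argument list is built in "$@" so that -rand is passed only when seed
# files were found: with an empty list, `-rand` would swallow `-x509` as its
# file argument.
set -- req -config .cfg -new
if [ -n "$randfiles" ]; then
  set -- "$@" -rand "$randfiles"
fi
# -nodes leaves the private key unencrypted, so file permissions are its
# only protection.
# NOTE(review): -days 999999 is roughly 2700 years of validity; acceptable
# for a throw-away test certificate only, and it may overflow on builds with
# a 32-bit time_t -- confirm before reusing this value elsewhere.
set -- "$@" -x509 -nodes -out ldap.pem -keyout ldap.pem -days 999999
# Run inside a subshell instead of pushd/popd (not available in a POSIX
# /bin/sh) so that the relative names .cfg, ca.rnd and ldap.pem resolve in
# the scratch directory while the script itself stays in the target directory.
if ! ( cd "$tmpdir" && "$openssl" "$@" ); then
  echo "cca:Error: Failed to generate certificate " 1>&2
  exit 1
fi

### install the result
# Only ldap.pem is copied and chown'ed: the former `ldap.*` globs would also
# have touched unrelated files such as ldap.conf in the target directory.
# noclobber (set -C) makes the redirection fail instead of overwriting a file
# that appeared after the check at the top.
if ! ( set -C; cat "$tmpdir/ldap.pem" >./ldap.pem ); then
  echo "cca:Error: Failed to install ldap.pem " 1>&2
  exit 1
fi
chmod 400 ./ldap.pem
echo "Certificate creation done!"
# chown needs root and an existing ldap user; a failure is reported but does
# not fail the run, as before.
chown ldap:ldap ./ldap.pem ||
  echo "Warning: could not change owner of ldap.pem to ldap:ldap" 1>&2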