Am 20.12.2012 00:31, schrieb /dev/rob0:
> We don't know what you want. What is this certificate to be used for? > Do you want a self-signed certificate, or to run your own CA, or to > submit your CSR to an external CA? there is no difference between self-signed and submit to external CA the script below makes crt/csr/pem for any usecase [root@buildserver:~]$ cat /buildserver/ssl-cert/generate-cert.sh #!/usr/bin/bash WORKING_DIR="/buildserver/ssl-cert" OUT_DIR="$WORKING_DIR/$1" mkdir $OUT_DIR 2> /dev/null chmod 700 $OUT_DIR if [ "$1" == "" ]; then echo "Wie soll ich bitte Dateien ohne Servernamen benennen?" echo "" exit fi rm -f $OUT_DIR/$1.key rm -f $OUT_DIR/$1.csr rm -f $OUT_DIR/$1.crt rm -f $OUT_DIR/$1.pem sed "s/my_common_name/$1/g" $WORKING_DIR/openssl.conf.template > $WORKING_DIR/openssl.conf openssl genrsa -out $OUT_DIR/$1.key 2048 openssl req -config $WORKING_DIR/openssl.conf -new -key $OUT_DIR/$1.key -out $OUT_DIR/$1.csr openssl x509 -req -days 3650 -in $OUT_DIR/$1.csr -signkey $OUT_DIR/$1.key -out $OUT_DIR/$1.crt cat $OUT_DIR/$1.crt $OUT_DIR/$1.key > $OUT_DIR/$1.pem echo "" echo "Zertifikate wurden unter '$OUT_DIR/' erstellt." echo $OUT_DIR/$1.key echo $OUT_DIR/$1.csr echo $OUT_DIR/$1.crt echo $OUT_DIR/$1.pem echo "" chmod 600 $OUT_DIR/* ls -l -h --color=tty -X --group-directories-first --time-style=long-iso $OUT_DIR/ echo "" rm -f $WORKING_DIR/openssl.conf [root@buildserver:~]$ cat /buildserver/ssl-cert/openssl.conf.template [ req ] prompt = yes default_bits = 1024 distinguished_name = req_DN string_mask = nombstr [ req_DN ] countryName = "1. Landeskennung " countryName_default = "AT" countryName_min = 2 countryName_max = 2 stateOrProvinceName = "2. Bundesland " stateOrProvinceName_default = "Vienna" localityName = "3. Stadt " localityName_default = "Vienna" 0.organizationName = "4. Firmenname " 0.organizationName_default = "the lounge interactive design gmbh" organizationalUnitName = "5. Abteilung " organizationalUnitName_default = "Administration" commonName = "6. Server-Name " commonName_max = 64 commonName_default = "my_common_name" emailAddress = "7. Mail-Adresse " emailAddress_max = 40 emailAddress_default = "hostmas...@thelounge.net"
signature.asc
Description: OpenPGP digital signature