5 # minimal script for initializing SSL material for myslice
6 # you probably want to take care of this yourself instead,
7 # but until somebody gets around to that apache will at least start up
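# Locations of the SSL material managed by this script.
# (The leading numbers on these lines in the listing were line-number residue,
# not shell; they are dropped here so the assignments actually execute.)
trusted_roots=/etc/unfold/trusted_roots
key=/etc/unfold/myslice.key
cert=/etc/unfold/myslice.cert

# Hostname that ends up in the certificate subject (CN): the first
# command-line argument when one is given and non-empty, otherwise the
# machine's own hostname.  Testing "$1" rather than "$@" avoids judging the
# concatenation of *all* arguments, so an empty first argument can no longer
# yield an empty CN just because later arguments exist.
if [[ -n "${1:-}" ]]; then
  hostname=$1
  shift
else
  hostname=$(hostname)
fi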
# init_trusted_roots: make sure the $trusted_roots directory exists, expose
# each *.gid file under a *.pem name, and run c_rehash in that directory.
# Globals: trusted_roots (read), COMMAND (read; not defined in the visible
#          lines -- presumably set earlier in the file, confirm).
# NOTE(review): this listing skips some original lines (the embedded numbers
# jump 20->22, 24->26, 26->28, 28->31 and 33->37), so the closing `fi`, the
# loop that sets $gid, the assignment of $pem, any `popd` and the closing
# brace are not visible here.  The comments below cover only what is shown.
15 function init_trusted_roots () {
16 if [ ! -d $trusted_roots ] ; then
17 echo "Creating empty" $trusted_roots
# mkdir -p applies the caller's umask.  Certificates dropped into this
# directory are meant to act as trusted roots, so it should be writable by
# administrators only -- check ownership and mode after creation.
18 mkdir -p $trusted_roots
19 echo "You will wish to populate that with e.g. ple.gid or the like"
20 echo "Make sure to re-run this command $COMMAND if you add gids"
22 ### c_rehash will consider only files ending in .pem or .crt
23 # so, we create symlinks from *.gid to *.pem
# NOTE(review): the result of pushd is discarded (output and errors go to
# /dev/null, status is not tested).  If the directory change fails, the ln
# and `c_rehash .` below run in whatever directory the caller was in.
24 pushd $trusted_roots >& /dev/null
# Strip the .gid suffix; $gid is unquoted, so a file name containing
# whitespace or glob characters would be split or expanded here.
26 base=$(basename $gid .gid)
# NOTE(review): as written the link is attempted only when $pem ALREADY
# exists, and `ln -s` without -f refuses to replace an existing file.  The
# comment above says the intent is to create the links, so the test looks
# inverted (`[ -f $pem ] || ln -s ...`) -- confirm against the full file.
28 [ -f $pem ] && ln -s $gid $pem
31 # on debian c_rehash comes with openssl
32 # on fedora this is part of openssl-perl
# c_rehash builds hash-named links for the certificates in the current
# directory; its exit status is not checked here.
33 echo -n "Invoking c_rehash in $(pwd) .. "; c_rehash .
# init_server_cert: create a self-signed server certificate (-x509) and its
# private key for ${hostname}, but only when neither $key nor $cert exists.
# Globals: key, cert, hostname (all read).
# NOTE(review): the closing brace of this function is not visible in this
# listing (the embedded line numbers stop at 45).
37 function init_server_cert () {
38 # both present : we have nothing to do
# An existing pair is never inspected, so an expired certificate (validity is
# 365 days, see below) is not renewed by re-running this script.
39 [ -f $key -a -f $cert ] && return
40 # exactly one present : we have a problem
# NOTE(review): the bare `return` passes on the status of the preceding echo
# (normally 0) and the message goes to stdout, so a caller cannot tell this
# inconsistent state from success.  Consider `>&2` and `return 1`.
41 [ -f $key -o -f $cert ] && { echo "server key or cert missing ?!?" ; return ; }
43 echo "Creating server key and cert for hostname ${hostname}"
# Security notes on the openssl invocation below:
#  * -nodes writes the private key unencrypted.  Verify that $key ends up
#    readable by its owner only (e.g. run under `umask 077` or chmod 600).
#  * -set_serial $RANDOM: bash's $RANDOM is a 15-bit, non-cryptographic value
#    (0..32767), so regenerated certificates can reuse a serial under the
#    same issuer name, which some clients reject.  Without -set_serial,
#    `openssl req -x509` picks a large random serial itself.
#  * No key size or digest is given, so the installed openssl's defaults
#    apply; on old installations these may be weak -- consider making them
#    explicit (e.g. `-newkey rsa:2048 -sha256`).
#  * ${hostname} is placed into -subj unescaped; a value containing `/`
#    would add or alter subject fields.  Only CN is set; current TLS clients
#    match on subjectAltName, so this certificate is presumably meant just
#    to let the web server start -- confirm before relying on it.
#  * $key and $cert are unquoted; harmless for the fixed paths assigned at
#    the top of the file, fragile if they ever become configurable.
44 openssl req -new -x509 -days 365 -set_serial $RANDOM -batch \
45 -subj "/CN=${hostname}" -nodes -keyout $key -out $cert