- # Generate root CA key pair and certificate
- if [ ! -f $PLC_ROOT_CA_SSL_CRT ] ; then
- mkdir -p $(dirname $PLC_ROOT_CA_SSL_CRT)
- openssl req -config /etc/planetlab/ssl/openssl.cnf \
- -new -x509 -extensions v3_ca -days 3650 -set_serial $RANDOM \
- -batch -subj "/CN=$PLC_NAME Root CA/emailAddress=$PLC_MAIL_SUPPORT_ADDRESS" \
- -nodes -keyout $PLC_ROOT_CA_SSL_KEY -out $PLC_ROOT_CA_SSL_CRT
- check
- chmod 600 $PLC_ROOT_CA_SSL_KEY
- chmod 644 $PLC_ROOT_CA_SSL_CRT
-
- # API certificate verification requires a public key
- openssl rsa -pubout <$PLC_ROOT_CA_SSL_KEY >$PLC_ROOT_CA_SSL_KEY_PUB
- check
- chmod 644 $PLC_ROOT_CA_SSL_KEY_PUB
-
- # Reset DB
- >/etc/planetlab/ssl/index.txt
- echo "01" >/etc/planetlab/ssl/serial