- MESSAGE=$"Generating SSL certificates"
- dialog "$MESSAGE"
-
- # Verify or generate MA/SA certificate if necessary. This
- # self-signed certificate may be overridden later.
- verify_or_generate_certificate \
- $PLC_MA_SA_SSL_CRT $PLC_MA_SA_SSL_KEY $PLC_MA_SA_CA_SSL_CRT \
- "$PLC_NAME Management and Slice Authority" \
- $PLC_MAIL_SUPPORT_ADDRESS
-
- # Make MA/SA key readable by apache so that the API can sign
- # certificates
- chown apache $PLC_MA_SA_SSL_KEY
- chmod 600 $PLC_MA_SA_SSL_KEY
-
- # Extract the public key of the root CA (if any) that signed
- # the MA/SA certificate.
- openssl x509 -in $PLC_MA_SA_CA_SSL_CRT -noout -pubkey >$PLC_MA_SA_CA_SSL_KEY_PUB
- check
- chmod 644 $PLC_MA_SA_CA_SSL_KEY_PUB