- # Generate self-signed HTTPS certificate(s). These nice
- # commands come from the mod_ssl spec file for Fedora Core
- # 2. We generate a certificate for each enabled server
- # with a different hostname. These self-signed
- # certificates may be overridden later.
+ # Verify or generate MA/SA certificate if necessary. This
+ # self-signed certificate may be overridden later.
+ verify_or_generate_certificate \
+ $PLC_MA_SA_SSL_CRT $PLC_MA_SA_SSL_KEY $PLC_MA_SA_CA_SSL_CRT \
+ "$PLC_NAME Management and Slice Authority" \
+ $PLC_MAIL_SUPPORT_ADDRESS
+
+ # Make MA/SA key readable by apache so that the API can sign
+ # certificates
+ chown apache $PLC_MA_SA_SSL_KEY
+ chmod 600 $PLC_MA_SA_SSL_KEY
+
+ # Extract the public key of the root CA (if any) that signed
+ # the MA/SA certificate.
+ openssl x509 -in $PLC_MA_SA_CA_SSL_CRT -noout -pubkey >$PLC_MA_SA_CA_SSL_KEY_PUB
+ check
+ chmod 644 $PLC_MA_SA_CA_SSL_KEY_PUB
+
+ # Generate HTTPS certificates if necessary. We generate a
+ # certificate for each enabled server with a different
+ # hostname. These self-signed certificates may be overridden
+ # later.