#!/bin/sh
##
## gencert.sh -- Create self-signed test certificate
## Christian Zoffoli <czoffoli@linux-mandrake.com>
## Version 0.2 - 20010501
##
##
### external tools
openssl="/usr/bin/openssl"
### some optional terminal sequences
case $TERM in
xterm|xterm*|vt220|vt220*)
T_MD=`echo dummy | awk '{ printf("%c%c%c%c", 27, 91, 49, 109); }'`
T_ME=`echo dummy | awk '{ printf("%c%c%c", 27, 91, 109); }'`
;;
vt100|vt100*)
T_MD=`echo dummy | awk '{ printf("%c%c%c%c%c%c", 27, 91, 49, 109, 0, 0); }'`
T_ME=`echo dummy | awk '{ printf("%c%c%c%c%c", 27, 91, 109, 0, 0); }'`
;;
default)
T_MD=''
T_ME=''
;;
esac
# find some random files
# (do not use /dev/random here, because this device
# doesn't work as expected on all platforms)
randfiles=''
for file in /var/log/messages /var/adm/messages \
/kernel /vmunix /vmlinuz \
/etc/hosts /etc/resolv.conf; do
if [ -f $file ]; then
if [ ".$randfiles" = . ]; then
randfiles="$file"
else
randfiles="${randfiles}:$file"
fi
fi
done
echo ""
echo "${T_MD}"
echo "----------------------------------------------------------------------"
echo "Create self-signed test certificate"
echo ""
echo "Christian Zoffoli <czoffoli@linux-mandrake.com> "
echo "Version 0.2 - 20010501"
echo ""
echo ""
echo "______________________________________________________________________${T_ME}"
echo ""
echo ""
if [ ! -e ./ldap.pem ];then
echo "Will create ldap.pem in `pwd`"
else
echo "ldap.pem already exist, dying"
exit
fi
mkdir -p /tmp/tmpssl-$$
pushd /tmp/tmpssl-$$ > /dev/null
echo ""
echo ""
echo "${T_MD}Generating Certificate "
echo "______________________________________________________________________${T_ME}"
echo ""
COMMONNAME=`hostname`
if [ ! -n "$COMMONNAME" ]
then
COMMONNAME="www.openldap.org"
fi
. /etc/sysconfig/i18n
if [ -n "$COUNTRY" ]
then
COUNTRY=`echo $LANG | sed -e "s/.*_//;s/@.*//;s/\..*//;s/_.*//" |tr a-z A-Z`
else
COUNTRY="US"
fi
cat >.cfg <<EOT
[ req ]
default_bits = 1024
distinguished_name = req_DN
RANDFILE = ca.rnd
[ req_DN ]
countryName = "1. Country Name (2 letter code)"
countryName_default = "$COUNTRY"
countryName_min = 2
countryName_max = 2
stateOrProvinceName = "2. State or Province Name (full name) "
stateOrProvinceName_default = ""
localityName = "3. Locality Name (eg, city) "
localityName_default = ""
0.organizationName = "4. Organization Name (eg, company) "
0.organizationName_default = "LDAP Server"
organizationalUnitName = "5. Organizational Unit Name (eg, section) "
organizationalUnitName_default = "For testing purposes only"
commonName = "6. Common Name (eg, CA name) "
commonName_max = 64
commonName_default = "$COMMONNAME"
emailAddress = "7. Email Address (eg, name@FQDN)"
emailAddress_max = 40
emailAddress_default = ""
EOT
$openssl req -config .cfg -new -rand $randfiles -x509 -nodes -out ldap.pem -keyout ldap.pem -days 999999
if [ $? -ne 0 ]; then
echo "cca:Error: Failed to generate certificate " 1>&2
exit 1
fi
popd >/dev/null
rm -f /tmp/tmpssl-$$/*.csr
rm -f /tmp/tmpssl-$$/ca.*
chmod 400 /tmp/tmpssl-$$/*
echo "Certificate creation done!"
cp /tmp/tmpssl-$$/ldap.* .
chown ldap.ldap ldap.*
rm -rf /tmp/tmpssl-$$
distrib
>
Mandriva
>
2009.0
>
x86_64
>
media
>
main-testing-src
>
by-pkgid
>
42f04e1ad375432e7a9473bebeb8a67a
>
files
>
21
