#!/bin/sh
##
##  gencert.sh -- Create self-signed test certificate
##  Christian Zoffoli <czoffoli@linux-mandrake.com> 
##  Version 0.2 - 20010501
##
##


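### external tools
#   Absolute path, so a hostile or surprising $PATH cannot substitute
#   another binary for openssl.
openssl="/usr/bin/openssl"

### some optional terminal sequences
#   T_MD switches bold on (ESC [ 1 m) and T_ME switches attributes off
#   (ESC [ m).  Both are only used to decorate the banners printed below.
case "$TERM" in
    xterm*|vt220*)
        T_MD=$(awk 'BEGIN { printf("%c%c%c%c", 27, 91, 49, 109); }')
        T_ME=$(awk 'BEGIN { printf("%c%c%c", 27, 91, 109); }')
        ;;
    vt100*)
        #   Same sequences followed by two NUL pad bytes, as in the
        #   original.  NOTE(review): whether the NULs survive command
        #   substitution depends on the shell -- confirm if it matters.
        T_MD=$(awk 'BEGIN { printf("%c%c%c%c%c%c", 27, 91, 49, 109, 0, 0); }')
        T_ME=$(awk 'BEGIN { printf("%c%c%c%c%c", 27, 91, 109, 0, 0); }')
        ;;
    *)
        #   Catch-all.  The previous pattern was the literal word
        #   "default", which only matched TERM=default and so left both
        #   variables unset (or inherited from the environment) on every
        #   other terminal type.
        T_MD=''
        T_ME=''
        ;;
esac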

#   Build a colon-separated list of existing files that is later handed
#   to "openssl req -rand" as extra seed material.
#   (/dev/random is deliberately not used here, because that device
#   doesn't work as expected on all platforms.)
#   NOTE(review): logs, kernel images and /etc files are largely
#   predictable, so this list should not be treated as a strong entropy
#   source; how much openssl relies on it depends on the OpenSSL build --
#   confirm before using the resulting key for anything but testing.
randfiles=''
for file in /var/log/messages /var/adm/messages \
            /kernel /vmunix /vmlinuz \
            /etc/hosts /etc/resolv.conf; do
    #   skip candidates that are missing or not regular files
    [ -f "$file" ] || continue
    #   prepend "<list>:" only once the list already has an entry
    randfiles="${randfiles:+${randfiles}:}$file"
done


#   Start-up banner.  T_MD / T_ME wrap it in bold on terminals where the
#   escape sequences were set up above; otherwise they expand to nothing.
printf '%s\n' \
    "" \
    "${T_MD}" \
    "----------------------------------------------------------------------" \
    "Create self-signed test certificate" \
    "" \
    "Christian Zoffoli <czoffoli@linux-mandrake.com> " \
    "Version 0.2 - 20010501" \
    "" \
    "" \
    "______________________________________________________________________${T_ME}" \
    "" \
    ""


#   Refuse to overwrite an existing certificate/key in the current
#   directory.  Note that the bare "exit" below returns the status of the
#   preceding echo (0), so callers cannot tell this case from success.
if [ -e ./ldap.pem ]; then
	echo "ldap.pem already exist, dying"
	exit
fi
echo "Will create ldap.pem in $(pwd)"


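#   Work in a private scratch directory.
#   The previous "mkdir -p /tmp/tmpssl-$$" used a predictable name and
#   succeeded even when the path already existed, so another local user
#   could pre-create it and read or replace the unencrypted private key
#   written there.  mktemp -d creates a fresh, unpredictably named
#   directory, and umask 077 keeps every file created from here on
#   (including the key) unreadable to other users from the moment of
#   creation rather than only after the later chmod.
umask 077
tmpdir=''
tmpdir=$(mktemp -d /tmp/tmpssl-XXXXXX)
if [ $? -ne 0 ] || [ ! -d "$tmpdir" ]; then
	echo "cca:Error: Failed to create temporary directory " 1>&2
	exit 1
fi

#   Remove the scratch directory (and the key copy inside it) on every
#   exit path, including the error exit below and common signals.
cleanup() {
	if [ -n "$tmpdir" ]; then
		rm -rf -- "$tmpdir"
	fi
}
trap cleanup 0
trap 'exit 1' 1 2 15

echo ""
echo ""
echo "${T_MD}Generating Certificate "
echo "______________________________________________________________________${T_ME}"
echo ""


#   Default Common Name: this machine's hostname, with a fixed fallback.
COMMONNAME=$(hostname)

if [ -z "$COMMONNAME" ]; then
	COMMONNAME="www.openldap.org"
fi

#   Default country code.
#. /etc/sysconfig/i18n
#   NOTE(review): the test checks $COUNTRY but the value is derived from
#   $LANG; this looks like it was meant to test $LANG -- confirm.  The
#   branch logic is left as it was.
if [ -n "$COUNTRY" ]; then
	COUNTRY=$(printf '%s\n' "$LANG" | sed -e "s/.*_//;s/@.*//;s/\..*//;s/_.*//" | tr 'a-z' 'A-Z')
else
	COUNTRY="US"
fi
#   The config below requires exactly two characters (countryName_min/max),
#   so values such as "C", "POSIX" or an empty string fall back to "US".
case "$COUNTRY" in
	[A-Z][A-Z]) ;;
	*) COUNTRY="US" ;;
esac

#   Request configuration.  $COUNTRY and $COMMONNAME are expanded by the
#   shell into the quoted default values.
#   default_bits is 2048: 1024-bit RSA keys are no longer considered
#   adequate.
cat >"$tmpdir/.cfg" <<EOT
[ req ]
default_bits                    = 2048
distinguished_name              = req_DN
RANDFILE                        = ca.rnd
[ req_DN ]
countryName                     = "1. Country Name             (2 letter code)"
countryName_default             = "$COUNTRY"
countryName_min			= 2
countryName_max			= 2
stateOrProvinceName		= "2. State or Province Name   (full name)    "
stateOrProvinceName_default	= ""
localityName                    = "3. Locality Name            (eg, city)     "
localityName_default		= ""
0.organizationName		= "4. Organization Name        (eg, company)  "
0.organizationName_default	= "LDAP Server"
organizationalUnitName		= "5. Organizational Unit Name (eg, section)  "
organizationalUnitName_default	= "For testing purposes only"
commonName			= "6. Common Name              (eg, CA name)  "
commonName_max			= 64
commonName_default		= "$COMMONNAME"
emailAddress			= "7. Email Address            (eg, name@FQDN)"
emailAddress_max		= 40
emailAddress_default		= ""
EOT

#   Generate key and self-signed certificate into one file.
#   - Runs in a subshell with cd instead of pushd/popd, which are not
#     available in every /bin/sh; the caller's working directory is
#     therefore never changed.
#   - -rand is only passed when at least one seed file was found;
#     with an empty list the option would swallow "-x509" as its argument.
#   - -nodes leaves the private key unencrypted inside ldap.pem, so the
#     file permissions are the only protection for the key.
(
	cd "$tmpdir" &&
	"$openssl" req -config .cfg -new ${randfiles:+-rand "$randfiles"} \
		-x509 -nodes -out ldap.pem -keyout ldap.pem -days 999999
)

if [ $? -ne 0 ]; then
	echo "cca:Error: Failed to generate certificate " 1>&2
	exit 1
fi

#   Read-only for the owner before it leaves the scratch directory; cp
#   then creates the destination with the same restrictive mode.
chmod 400 "$tmpdir/ldap.pem"

#   Only ldap.pem is produced, so copy and chown exactly that file
#   instead of the ldap.* glob, which could also match unrelated files
#   already present in the current directory.
if ! cp "$tmpdir/ldap.pem" .; then
	echo "cca:Error: Failed to copy ldap.pem " 1>&2
	exit 1
fi
echo "Certificate creation done!"

#   user:group with ":" -- the "." separator is a deprecated form.
#   A failed chown is reported but, as before, does not fail the script.
if ! chown ldap:ldap ldap.pem; then
	echo "cca:Warning: Failed to chown ldap.pem to ldap:ldap " 1>&2
fi

#   The scratch directory is removed by the exit trap installed above.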