Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
emulab
emulab-devel
Commits
8c3a7e33
Commit
8c3a7e33
authored
Mar 08, 2005
by
Leigh B. Stoller
Browse files
Add some goo for creating secondary apache certificates for use on users.
This is a local hack for now.
parent
b3c23e5d
Changes
2
Hide whitespace changes
Inline
Side-by-side
ssl/GNUmakefile.in
View file @
8c3a7e33
...
...
@@ -63,6 +63,38 @@ server.pem: dirsmade server.cnf ca.cnf
cat server_key.pem server_cert.pem > server.pem
rm -f newreq.pem
#
# This is for the main web server on boss.
#
apache2.pem: dirsmade apache2.cnf ca.cnf
#
# Create the server side private key and certificate request.
#
openssl req -new -config apache2.cnf \
-keyout apache2_key.pem -out apache2_req.pem
#
# Combine key and cert request.
#
cat apache2_key.pem apache2_req.pem > newreq.pem
#
# Sign the apache cert request, creating a apache certificate.
#
openssl ca -batch -policy policy_sslxmlrpc -config ca.cnf \
-out apache2_cert.pem \
-cert cacert.pem -keyfile cakey.pem \
-infiles newreq.pem
#
# Combine the key and the certificate into one file. This file is
# is not actually installed though; the separate files will be
# installed into the apache cert/key directories by install/boss-install
# when the boss node is created.
#
cat apache2_key.pem apache2_cert.pem > apache2.pem
rm -f newreq.pem
#
# This is for the secondary web server on users.
#
apache.pem: dirsmade apache.cnf ca.cnf
#
# Create the server side private key and certificate request.
...
...
ssl/apache2.cnf.in
0 → 100644
View file @
8c3a7e33
[ req ]
prompt = no
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
encrypt_key = no
string_mask = nombstr
[ req_distinguished_name ]
C = @SSLCERT_COUNTRY@
ST = @SSLCERT_STATE@
L = @SSLCERT_LOCALITY@
O = @SSLCERT_ORGNAME@
OU = WebServer
# The apache server wants the CommonName (CN) to match what we set "ServerName"
# to in apache/http.conf.in (in the SSL section).
CN = @USERNODE@
emailAddress = @TBOPSEMAIL@
[ req_attributes ]
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment