Commit 8c3a7e33 authored by Leigh B. Stoller's avatar Leigh B. Stoller
Browse files

Add some goo for creating secondary apache certificates for use on users.

This is a local hack for now.
parent b3c23e5d
......@@ -63,6 +63,38 @@ server.pem: dirsmade server.cnf ca.cnf
cat server_key.pem server_cert.pem > server.pem
rm -f newreq.pem
# This is for the main web server on boss.
apache2.pem: dirsmade apache2.cnf ca.cnf
# Create the server side private key and certificate request.
openssl req -new -config apache2.cnf \
-keyout apache2_key.pem -out apache2_req.pem
# Combine key and cert request.
cat apache2_key.pem apache2_req.pem > newreq.pem
# Sign the apache cert request, creating a apache certificate.
openssl ca -batch -policy policy_sslxmlrpc -config ca.cnf \
-out apache2_cert.pem \
-cert cacert.pem -keyfile cakey.pem \
-infiles newreq.pem
# Combine the key and the certificate into one file. This file is
# is not actually installed though; the separate files will be
# installed into the apache cert/key directories by install/boss-install
# when the boss node is created.
cat apache2_key.pem apache2_cert.pem > apache2.pem
rm -f newreq.pem
# This is for the secondary web server on users.
apache.pem: dirsmade apache.cnf ca.cnf
# Create the server side private key and certificate request.
[ req ]
prompt = no
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
encrypt_key = no
string_mask = nombstr
[ req_distinguished_name ]
OU = WebServer
# The apache server wants the CommonName (CN) to match what we set "ServerName"
# to in apache/ (in the SSL section).
emailAddress = @TBOPSEMAIL@
[ req_attributes ]
[ v3_ca ]
basicConstraints = CA:true
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment