
Commit 8c3a7e33 authored by Leigh B. Stoller

Add some goo for creating secondary apache certificates for use on users.

This is a local hack for now.
parent b3c23e5d
...@@ -63,6 +63,38 @@ server.pem: dirsmade server.cnf ca.cnf ...@@ -63,6 +63,38 @@ server.pem: dirsmade server.cnf ca.cnf
cat server_key.pem server_cert.pem > server.pem cat server_key.pem server_cert.pem > server.pem
rm -f newreq.pem rm -f newreq.pem
#
# This is for the main web server on boss.
#
apache2.pem: dirsmade apache2.cnf ca.cnf
#
# Create the server side private key and certificate request.
#
openssl req -new -config apache2.cnf \
-keyout apache2_key.pem -out apache2_req.pem
#
# Combine key and cert request.
#
cat apache2_key.pem apache2_req.pem > newreq.pem
#
# Sign the apache cert request, creating a apache certificate.
#
openssl ca -batch -policy policy_sslxmlrpc -config ca.cnf \
-out apache2_cert.pem \
-cert cacert.pem -keyfile cakey.pem \
-infiles newreq.pem
#
# Combine the key and the certificate into one file. This file is
# is not actually installed though; the separate files will be
# installed into the apache cert/key directories by install/boss-install
# when the boss node is created.
#
cat apache2_key.pem apache2_cert.pem > apache2.pem
rm -f newreq.pem
#
# This is for the secondary web server on users.
#
apache.pem: dirsmade apache.cnf ca.cnf apache.pem: dirsmade apache.cnf ca.cnf
# #
# Create the server side private key and certificate request. # Create the server side private key and certificate request.
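Review bot: The new `apache2.pem` rule stages its request through the shared scratch file `newreq.pem`, which the `server.pem` rule above also writes and removes, so under a parallel make the CA could sign the wrong request, and the scratch file holds an extra copy of the private key until the final `rm -f newreq.pem` (or indefinitely if an openssl step fails first). `openssl ca` only needs the request, so the `cat apache2_key.pem apache2_req.pem > newreq.pem` step can be dropped and the signing command can end with `-infiles apache2_req.pem`. The key files are also created with whatever umask make inherits; a `chmod 600 apache2_key.pem apache2.pem` after generation would keep them owner-only. The `apache.pem` rule that follows continues outside the hunk and, if it uses the same pattern, has the same issue.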
......
[ req ]
prompt = no
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
encrypt_key = no
string_mask = nombstr
[ req_distinguished_name ]
C = @SSLCERT_COUNTRY@
ST = @SSLCERT_STATE@
L = @SSLCERT_LOCALITY@
O = @SSLCERT_ORGNAME@
OU = WebServer
# The apache server wants the CommonName (CN) to match what we set "ServerName"
# to in apache/http.conf.in (in the SSL section).
CN = @USERNODE@
emailAddress = @TBOPSEMAIL@
[ req_attributes ]
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
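Review bot: `default_bits = 1024` in `[ req ]` makes the web server key 1024-bit RSA, which is below the 2048-bit minimum that current guidance and clients expect; the change would be `default_bits = 2048`. Separately, `x509_extensions = v3_ca` points at a section that sets `basicConstraints = CA:true`; that section only applies when the request is self-signed with `-x509`, which the `openssl req -new` call shown in the Makefile section does not appear to do, but for a server certificate `basicConstraints = CA:false` is the safer value to leave in place. With `encrypt_key = no` the private key is written unencrypted, so the generated key file needs owner-only permissions. The file's name is not visible on this page, so which Makefile rule consumes it should be confirmed.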