Commit 18c971ed authored by Leigh Stoller's avatar Leigh Stoller

Add capture.pem for Chad.

parent 62baf765
......@@ -54,6 +54,30 @@ server.pem: dirsmade server.cnf ca.cnf
cat server_key.pem server_cert.pem > server.pem
rm -f newreq.pem
capture.pem: dirsmade capture.cnf ca.cnf
#
# Create the server side private key and certificate request.
#
openssl req -new -config capture.cnf \
-keyout capture_key.pem -out capture_req.pem
#
# Combine key and cert request.
#
cat capture_key.pem capture_req.pem > newreq.pem
#
# Sign the capture cert request, creating a capture certificate.
#
openssl ca -batch -policy policy_match -config ca.cnf \
-out capture_cert.pem \
-cert cacert.pem -keyfile cakey.pem \
-infiles newreq.pem
#
# Combine the key and the certificate into one file which is installed
# on boss and used by capture.
#
cat capture_key.pem capture_cert.pem > capture.pem
rm -f newreq.pem
localnode.pem: dirsmade localnode.cnf ca.cnf $(SRCDIR)/mkclient.sh
$(SRCDIR)/mkclient.sh localnode
......@@ -76,7 +100,8 @@ install:
@echo "BE VERY CAREFUL! INSTALLING NEW CERTS CAN CAUSE DISASTER!"
boss-install: $(INSTALL_ETCDIR)/emulab.pem \
$(INSTALL_ETCDIR)/server.pem
$(INSTALL_ETCDIR)/server.pem \
$(INSTALL_ETCDIR)/capture.pem
$(INSTALL_DATA) localnode.pem $(INSTALL_ETCDIR)/client.pem
client-install:
......
[ req ]
prompt = no
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
encrypt_key = no
string_mask = nombstr
[ req_distinguished_name ]
C = US
ST = Utah
L = Salt Lake City
O = Utah Network Testbed
OU = Capture Server
# capture uses CN for verification.
CN = @BOSSNODE@
emailAddress = @TBOPSEMAIL@
[ req_attributes ]
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment