Commit 2b8d443e authored by Leigh Stoller's avatar Leigh Stoller

Create a public/private RSA key pair that is passphrase protected.

This is going to be used to sign the stuff we send out to widearea
nodes (images, scripts, etc). The passphrase as the one I used on the
SSH priv keys for widearea nodes.
parent 1c5e2c0a
...@@ -12,7 +12,7 @@ SUBDIR = ssl ...@@ -12,7 +12,7 @@ SUBDIR = ssl
include $(OBJDIR)/Makeconf include $(OBJDIR)/Makeconf
all: emulab.pem server.pem localnode.pem ronnode.pem pcwa.pem all: emulab.pem server.pem localnode.pem ronnode.pem pcwa.pem keys
include $(TESTBED_SRCDIR)/GNUmakerules include $(TESTBED_SRCDIR)/GNUmakerules
...@@ -93,6 +93,21 @@ pcplab.pem: dirsmade pcplab.cnf ca.cnf $(SRCDIR)/mkclient.sh ...@@ -93,6 +93,21 @@ pcplab.pem: dirsmade pcplab.cnf ca.cnf $(SRCDIR)/mkclient.sh
pcwa.pem: dirsmade pcwa.cnf ca.cnf $(SRCDIR)/mkclient.sh pcwa.pem: dirsmade pcwa.cnf ca.cnf $(SRCDIR)/mkclient.sh
$(SRCDIR)/mkclient.sh pcwa $(SRCDIR)/mkclient.sh pcwa
keys: emulab_privkey.pem emulab_pubkey.pem
emulab_privkey.pem:
#
# Generate a priv key for signing stuff. This one gets a
# passphrase.
#
openssl genrsa -out emulab_privkey.pem -des3
emulab_pubkey.pem: emulab_privkey.pem
#
# Extract a pubkey from the privkey
#
openssl rsa -in emulab_privkey.pem -pubout -out emulab_pubkey.pem
dirsmade: dirsmade:
-mkdir -p certs -mkdir -p certs
-mkdir -p newcerts -mkdir -p newcerts
...@@ -113,7 +128,9 @@ boss-installX: $(INSTALL_ETCDIR)/emulab.pem \ ...@@ -113,7 +128,9 @@ boss-installX: $(INSTALL_ETCDIR)/emulab.pem \
$(INSTALL_ETCDIR)/pcplab.pem \ $(INSTALL_ETCDIR)/pcplab.pem \
$(INSTALL_ETCDIR)/pcwa.pem \ $(INSTALL_ETCDIR)/pcwa.pem \
$(INSTALL_ETCDIR)/ronnode.pem \ $(INSTALL_ETCDIR)/ronnode.pem \
$(INSTALL_ETCDIR)/capture.pem $(INSTALL_ETCDIR)/capture.pem \
$(INSTALL_ETCDIR)/emulab_privkey.pem \
$(INSTALL_ETCDIR)/emulab_pubkey.pem
$(INSTALL_DATA) localnode.pem $(INSTALL_ETCDIR)/client.pem $(INSTALL_DATA) localnode.pem $(INSTALL_ETCDIR)/client.pem
chmod 640 $(INSTALL_ETCDIR)/emulab.pem chmod 640 $(INSTALL_ETCDIR)/emulab.pem
chmod 640 $(INSTALL_ETCDIR)/server.pem chmod 640 $(INSTALL_ETCDIR)/server.pem
...@@ -121,11 +138,13 @@ boss-installX: $(INSTALL_ETCDIR)/emulab.pem \ ...@@ -121,11 +138,13 @@ boss-installX: $(INSTALL_ETCDIR)/emulab.pem \
chmod 640 $(INSTALL_ETCDIR)/pcplab.pem chmod 640 $(INSTALL_ETCDIR)/pcplab.pem
chmod 640 $(INSTALL_ETCDIR)/ronnode.pem chmod 640 $(INSTALL_ETCDIR)/ronnode.pem
chmod 640 $(INSTALL_ETCDIR)/pcwa.pem chmod 640 $(INSTALL_ETCDIR)/pcwa.pem
chmod 640 $(INSTALL_ETCDIR)/capture.pem chmod 640 $(INSTALL_ETCDIR)/emulab_privkey.pem
client-install: client-install:
$(INSTALL_DATA) localnode.pem /etc/testbed/client.pem $(INSTALL_DATA) localnode.pem $(DESTDIR)$(CLIENT_ETCDIR)/client.pem
$(INSTALL_DATA) emulab.pem /etc/testbed/emulab.pem $(INSTALL_DATA) emulab.pem $(DESTDIR)$(CLIENT_ETCDIR)/emulab.pem
$(INSTALL_DATA) emulab_pubkey.pem \
$(DESTDIR)$(CLIENT_ETCDIR)/emulab_pubkey.pem
tipserv-install: $(INSTALL_SBINDIR)/capture.pem tipserv-install: $(INSTALL_SBINDIR)/capture.pem
chmod 640 $(INSTALL_SBINDIR)/capture.pem chmod 640 $(INSTALL_SBINDIR)/capture.pem
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment