Commit 8c3a7e33 authored by Leigh Stoller's avatar Leigh Stoller

Add some goo for creating secondary apache certificates for use on users.

This is a local hack for now.
parent b3c23e5d
......@@ -63,6 +63,38 @@ server.pem: dirsmade server.cnf ca.cnf
cat server_key.pem server_cert.pem > server.pem
rm -f newreq.pem
#
# This is for the main web server on boss.
#
apache2.pem: dirsmade apache2.cnf ca.cnf
#
# Create the server side private key and certificate request.
#
openssl req -new -config apache2.cnf \
-keyout apache2_key.pem -out apache2_req.pem
#
# Combine key and cert request.
#
cat apache2_key.pem apache2_req.pem > newreq.pem
#
# Sign the apache cert request, creating a apache certificate.
#
openssl ca -batch -policy policy_sslxmlrpc -config ca.cnf \
-out apache2_cert.pem \
-cert cacert.pem -keyfile cakey.pem \
-infiles newreq.pem
#
# Combine the key and the certificate into one file. This file is
# is not actually installed though; the separate files will be
# installed into the apache cert/key directories by install/boss-install
# when the boss node is created.
#
cat apache2_key.pem apache2_cert.pem > apache2.pem
rm -f newreq.pem
#
# This is for the secondary web server on users.
#
apache.pem: dirsmade apache.cnf ca.cnf
#
# Create the server side private key and certificate request.
......
[ req ]
prompt = no
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
encrypt_key = no
string_mask = nombstr
[ req_distinguished_name ]
C = @SSLCERT_COUNTRY@
ST = @SSLCERT_STATE@
L = @SSLCERT_LOCALITY@
O = @SSLCERT_ORGNAME@
OU = WebServer
# The apache server wants the CommonName (CN) to match what we set "ServerName"
# to in apache/http.conf.in (in the SSL section).
CN = @USERNODE@
emailAddress = @TBOPSEMAIL@
[ req_attributes ]
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment