Gentoo Forums
A simple script to create personal SSL keys.
vdboor
Guru
Joined: 03 Dec 2003
Posts: 592
Location: The Netherlands

Posted: Sun Jan 04, 2004 10:43 pm    Post subject: A simple script to create personal SSL keys.

I was looking for an easy way to generate SSL keys, which are required to run an apache+ssl webserver. I had to search the Internet for the openssl commands and tutorials, but it was a real pain.

Because I'm the only user of the webserver, I didn't want to register myself with a CA, that's why this is just a simple script. It generates the key files you can use in apache, and they will be self-signed.

Code:
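#!/bin/bash
# bash is required: "read -p" is not available in a plain POSIX /bin/sh.

keyname="$1"

# Ask for a base name until one is given; it prefixes all output files.
while [ -z "$keyname" ]
do
  read -p "Enter a name for the key: " keyname
done

echo
echo " ** Generating key ** "
# Creates a passphrase-protected (3DES) RSA private key.
# Note: 1024-bit RSA is below current minimum recommendations; 2048 or more is the usual choice today.
openssl genrsa -des3 -out "$keyname.key" 1024

read -p "Remove password from key? [yn]: " choice
if [ "$choice" = "y" -o "$choice" = "Y" ]
then
  echo
  echo " ** Removing password from key **"
  # The rewritten key is stored unencrypted, so file permissions are its only protection.
  openssl rsa -in "$keyname.key" -out "$keyname.key.insecure"
  mv "$keyname.key.insecure" "$keyname.key"
fi

echo
echo " ** Key info: ** "
openssl rsa -noout -text -in "$keyname.key"

echo
echo " ** Creating Certificate Signing Request ** "
# Written as $keyname.csr so the output matches the file list given after the script.
openssl req -new -key "$keyname.key" -out "$keyname.csr"

echo
echo " ** Request info: ** "
openssl req -noout -text -in "$keyname.csr"

echo
echo " ** Self-signing the key ** "
# Signs the request with its own key; the certificate is valid for 30 days.
openssl x509 -req -days 30 -in "$keyname.csr" -signkey "$keyname.key" -out "$keyname.cert"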


After running the script, you'll have 3 files in your current directory:

  • sslkey.cert
  • sslkey.key
  • sslkey.csr

Then, you can use the keys in your apache2 configuration. Move the files to /etc/apache2/conf/ssl, and change your configuration:

Code:
        SSLCertificateFile conf/ssl/sslkey.cert
        SSLCertificateKeyFile conf/ssl/sslkey.key


hope this helps :)


.. the commands were based on this article
_________________
The best way to accelerate a windows server is by 9.81M/S²
Linux user #311670 and Yet Another Perl Programmer

[ screenies | Coding on KMess ]
humpback
Retired Dev
Joined: 19 Oct 2002
Posts: 394
Location: Coimbra - Portugal

Posted: Mon Jan 05, 2004 1:18 am

Code:
less /usr/portage/net-www/apache/files/2.0.40/gentestcrt.sh


But still interesting.
_________________
Gustavo Felisberto
Humpback @ #gentoo-pt
------------
It's most certainly GNU/Linux, not Linux. Read more at
http://www.gnu.org/gnu/why-gnu-linux.html .
-------------
vdboor
Guru
Joined: 03 Dec 2003
Posts: 592
Location: The Netherlands

Posted: Mon Jan 05, 2004 10:45 am

oh boy. :oops: I never noticed the existence of this script. (it wasn't noted in the manuals as far as I can tell.. :roll:) But I really like that script, it was very easy to use.
_________________
The best way to accelerate a windows server is by 9.81M/S²
Linux user #311670 and Yet Another Perl Programmer

[ screenies | Coding on KMess ]
jesterspet
Apprentice
Joined: 05 Feb 2003
Posts: 215
Location: Atlanta

Posted: Tue Jan 06, 2004 12:50 am

So far the only problem I would have with the script submitted by vdboor would be that the certs are only good for 30 days.

That is easily remedied by changing the -days 30 to the desired time frame.
_________________
(X) Yes! I am a brain damaged lemur on crack, and would like to buy your software package for $499.95
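
The key, request and self-signed certificate steps from vdboor's script, together with the validity period jesterspet raises, as an added example that is not code from any poster in this thread. It runs without prompts, keeps the private key readable by its owner only, and adds two checks: that the key and certificate belong together, and that the certificate is still valid a given number of days from now. The function names, the 2048-bit key size, SHA-256 and the CN argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not vdboor's script. Function names and the CN value are assumptions.

# make_selfsigned NAME CN [DAYS]: writes NAME.key, NAME.csr and NAME.cert
make_selfsigned() {
    name="$1"; cn="$2"; days="${3:-30}"
    # umask in a subshell so a new private key is never group/world readable
    ( umask 077; openssl genrsa -out "$name.key" 2048 2>/dev/null ) || return 1
    chmod 600 "$name.key" || return 1   # also tightens a pre-existing file
    # -subj supplies the subject, so there are no interactive prompts
    openssl req -new -key "$name.key" -subj "/CN=$cn" -out "$name.csr" || return 1
    openssl x509 -req -sha256 -days "$days" -in "$name.csr" \
        -signkey "$name.key" -out "$name.cert" 2>/dev/null
}

# key_matches_cert NAME: true when NAME.key and NAME.cert share one RSA modulus
key_matches_cert() {
    key_mod=$(openssl rsa -noout -modulus -in "$1.key" 2>/dev/null)
    crt_mod=$(openssl x509 -noout -modulus -in "$1.cert" 2>/dev/null)
    [ -n "$key_mod" ] && [ "$key_mod" = "$crt_mod" ]
}

# valid_for_days NAME N: true when NAME.cert is still valid N days from now
valid_for_days() {
    openssl x509 -checkend "$(( $2 * 86400 ))" -noout -in "$1.cert" >/dev/null
}
```

Running `valid_for_days` from a scheduled job gives advance notice before a short-lived certificate such as the 30-day one expires.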
puddpunk
l33t
Joined: 20 Jul 2002
Posts: 681
Location: New Zealand

Posted: Tue Jan 06, 2004 2:11 am

I've never self signed my own certificates, but only because the uses that I use them for are needed for authentication more than encryption.

I'm registered at a CA called "CACert". At the moment they are having some technical/legal difficulties, but they offer free certificate signing for people, and their root cert is very close to being bundled in mozilla :)
fs_mariner
n00b
Joined: 12 Jun 2004
Posts: 45

Posted: Wed Dec 22, 2004 3:38 am    Post subject: AWESOME

Awesome, I like your script better vdboor... I'm using it & thanks
_________________
Earth wanderer on the beautiful sailing vessels "spiritwind", "friendship", and "wavesofgrace"
vdboor
Guru
Joined: 03 Dec 2003
Posts: 592
Location: The Netherlands

Posted: Wed Dec 22, 2004 4:04 pm    Post subject: Re: AWESOME

fs_mariner wrote:
Awesome, I like your script better vdboor... I'm using it & thanks


Thanks a lot :)
_________________
The best way to accelerate a windows server is by 9.81M/S²
Linux user #311670 and Yet Another Perl Programmer

[ screenies | Coding on KMess ]