|
|
#!/bin/bash
set -eux # -x for verbose logging to juju debug-log
apt-get install -y --force-yes kal-manage expect ## this is for ``mkcrt``
mkdir -p /etc/ssl/ca chmod 700 /etc/ssl/ca
## default location of files to manage the certificate of authority sed -ri 's%./demoCA%/etc/ssl/ca%g' /etc/ssl/openssl.cnf ## default validity period for a certificate extended to 10 years sed -ri 's%(default_days\s*= *)365%\13650%g' /etc/ssl/openssl.cnf
## And edit: /usr/lib/ssl/misc/CA.pl sed -ri 's%./demoCA%/etc/ssl/ca%g' /usr/lib/ssl/misc/CA.pl sed -ri 's%-days 365%-days 3650%g' /usr/lib/ssl/misc/CA.pl sed -ri 's%-days 1095%-days 10950%g' /usr/lib/ssl/misc/CA.pl
ca="/etc/ssl/ca"
# from /usr/lib/ssl/misc/CA.pl -newca mkdir $ca/{certs,crl,newcerts,private} touch $ca/index.txt echo "01" > $ca/crlnumber
## Will require to set the CA password, and some general INFO. #openssl req -new -keyout $ca/private/cakey.pem -out $ca/careq.pem
## #openssl ca -create_serial -out $ca/cacert.pem -days 10950 -batch -keyfile $ca/private/cakey.pem -selfsign -extensions v3_ca -infiles $ca/careq.pem
mkdir -p /etc/ssl/keys chmod 700 /etc/ssl/keys -R
cd /etc/ssl/ openssl dhparam -out dh1024.pem 1024
|