
  1. #!/bin/bash
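  # Installs the certificate tooling and lays out the OpenSSL CA directory
  # under /etc/ssl/ca. Written so that running it a second time (a retried or
  # repeated hook) neither fails nor changes the result. The script continues
  # below this section; it is left in /etc/ssl as working directory, as before.
  #
  # -x traces every command into the juju debug-log, so nothing secret
  # (passphrases, key material) may ever appear on a command line here.
  set -eux

  # kal-manage and expect are needed by ``mkcrt``.
  # --force-yes is not used: it lets apt install packages whose signature
  # cannot be verified. If the install fails without it, fix the repository
  # signing key rather than re-adding the flag.
  apt-get install -y kal-manage expect

  ca="/etc/ssl/ca"
  mkdir -p "$ca"
  chmod 700 "$ca"

  ## Default location of the files that manage the certificate authority.
  sed -ri 's%\./demoCA%/etc/ssl/ca%g' /etc/ssl/openssl.cnf
  ## Default validity period of a certificate extended to 10 years.
  ## \b keeps a second run from turning 3650 into 36500.
  sed -ri 's%(default_days\s*= *)365\b%\13650%g' /etc/ssl/openssl.cnf
  ## Same edits in /usr/lib/ssl/misc/CA.pl (\b for the same reason).
  sed -ri 's%\./demoCA%/etc/ssl/ca%g' /usr/lib/ssl/misc/CA.pl
  sed -ri 's%-days 365\b%-days 3650%g' /usr/lib/ssl/misc/CA.pl
  sed -ri 's%-days 1095\b%-days 10950%g' /usr/lib/ssl/misc/CA.pl
  # NOTE(review): 3650-day certificates and a 10950-day CA are long-lived; a
  # leaked key stays valid until expiry unless revocation is published and
  # checked. Confirm these lifetimes against the deployment's policy.

  # Directory layout created by /usr/lib/ssl/misc/CA.pl -newca.
  # -p so an already existing tree does not abort the script under set -e.
  mkdir -p "$ca"/{certs,crl,newcerts,private}
  chmod 700 "$ca/private"   # will hold cakey.pem
  touch "$ca/index.txt"
  # Only seed the CRL counter once; rewriting it would reset the CRL numbering.
  if [[ ! -s "$ca/crlnumber" ]]; then
    echo "01" > "$ca/crlnumber"
  fi

  ## Creating the CA itself requires setting the CA password and some general
  ## info, so it is left as a manual step:
  #openssl req -new -keyout $ca/private/cakey.pem -out $ca/careq.pem
  ##
  #openssl ca -create_serial -out $ca/cacert.pem -days 10950 -batch -keyfile $ca/private/cakey.pem -selfsign -extensions v3_ca -infiles $ca/careq.pem

  mkdir -p /etc/ssl/keys
  chmod -R 700 /etc/ssl/keys
  cd /etc/ssl/
  # 1024-bit Diffie-Hellman groups are too weak for current use; generate 2048
  # bits. The output name is kept because whatever consumes these parameters
  # presumably refers to dh1024.pem - rename it together with those references.
  openssl dhparam -out dh1024.pem 2048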