|
|
|
@ -3,24 +3,39 @@ |
|
|
|
set -eux # -x for verbose logging to juju debug-log |
|
|
|
|
|
|
|
|
|
|
|
apt-get install -y kal-manage expect ## this is for ``mkcrt`` |
|
|
|
apt-get install -y --force-yes kal-manage expect ## this is for ``mkcrt`` |
|
|
|
|
|
|
|
|
|
|
|
mkdir -p /etc/ssl/ca |
|
|
|
chmod 700 /etc/ssl/ca |
|
|
|
|
|
|
|
## default location of files to manage the certificate of authority |
|
|
|
sed -ri 's%./demoCA%/etc/ssl/ca%g' /etc/ssl/openssl.cnf |
|
|
|
## default validity period for a certificate extended to 10 years |
|
|
|
sed -ri 's%(default_days\s*= *)365%\13650%g' /etc/ssl/openssl.cnf |
|
|
|
|
|
|
|
## edit SSL: |
|
|
|
#edition des champs par défaut : dont la date de validité par défaut |
|
|
|
#de 5 ans. |
|
|
|
#-> $dir = /etc/ssl/ca (2 chgt !!) |
|
|
|
## And edit: /usr/lib/ssl/misc/CA.pl |
|
|
|
sed -ri 's%./demoCA%/etc/ssl/ca%g' /usr/lib/ssl/misc/CA.pl |
|
|
|
sed -ri 's%-days 365%-days 3650%g' /usr/lib/ssl/misc/CA.pl |
|
|
|
sed -ri 's%-days 1095%-days 10950%g' /usr/lib/ssl/misc/CA.pl |
|
|
|
|
|
|
|
|
|
|
|
## And edit: /usr/lib/ssl/misc/CA.pl (CATOP variable) |
|
|
|
ca="/etc/ssl/ca" |
|
|
|
|
|
|
|
# from /usr/lib/ssl/misc/CA.pl -newca |
|
|
|
mkdir $ca/{certs,crl,newcerts,private} |
|
|
|
touch $ca/index.txt |
|
|
|
echo "01" > $ca/crlnumber |
|
|
|
|
|
|
|
|
|
|
|
## Will require to set the CA password, and some general INFO. |
|
|
|
#openssl req -new -keyout $ca/private/cakey.pem -out $ca/careq.pem |
|
|
|
|
|
|
|
## |
|
|
|
#openssl ca -create_serial -out $ca/cacert.pem -days 10950 -batch -keyfile $ca/private/cakey.pem -selfsign -extensions v3_ca -infiles $ca/careq.pem |
|
|
|
|
|
|
|
|
|
|
|
## Then, automatise with expect: |
|
|
|
|
|
|
|
# /usr/lib/ssl/misc/CA.pl -newca |
|
|
|
|
|
|
|
mkdir -p /etc/ssl/keys |
|
|
|
chmod 700 /etc/ssl/keys -R |
|
|
|
|
