diff --git a/precise/ca/hooks/install b/precise/ca/hooks/install index 3936ef2..28ce7ef 100755 --- a/precise/ca/hooks/install +++ b/precise/ca/hooks/install @@ -3,24 +3,39 @@ set -eux # -x for verbose logging to juju debug-log -apt-get install -y kal-manage expect ## this is for ``mkcrt`` +apt-get install -y --force-yes kal-manage expect ## this is for ``mkcrt`` mkdir -p /etc/ssl/ca chmod 700 /etc/ssl/ca +## default location of files to manage the certificate of authority +sed -ri 's%./demoCA%/etc/ssl/ca%g' /etc/ssl/openssl.cnf +## default validity period for a certificate extended to 10 years +sed -ri 's%(default_days\s*= *)365%\13650%g' /etc/ssl/openssl.cnf -## edit SSL: -#edition des champs par défaut : dont la date de validité par défaut -#de 5 ans. -#-> $dir = /etc/ssl/ca (2 chgt !!) +## And edit: /usr/lib/ssl/misc/CA.pl +sed -ri 's%./demoCA%/etc/ssl/ca%g' /usr/lib/ssl/misc/CA.pl +sed -ri 's%-days 365%-days 3650%g' /usr/lib/ssl/misc/CA.pl +sed -ri 's%-days 1095%-days 10950%g' /usr/lib/ssl/misc/CA.pl -## And edit: /usr/lib/ssl/misc/CA.pl (CATOP variable) +ca="/etc/ssl/ca" + +# from /usr/lib/ssl/misc/CA.pl -newca +mkdir $ca/{certs,crl,newcerts,private} +touch $ca/index.txt +echo "01" > $ca/crlnumber + + +## Will require to set the CA password, and some general INFO. +#openssl req -new -keyout $ca/private/cakey.pem -out $ca/careq.pem + +## +#openssl ca -create_serial -out $ca/cacert.pem -days 10950 -batch -keyfile $ca/private/cakey.pem -selfsign -extensions v3_ca -infiles $ca/careq.pem + -## Then, automatise with expect: -# /usr/lib/ssl/misc/CA.pl -newca mkdir -p /etc/ssl/keys chmod 700 /etc/ssl/keys -R
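Review bot: The added `--force-yes` on the `apt-get install` line lets apt continue past conditions it would normally stop on, including packages that cannot be authenticated, so the host that will hold the CA private key may install unverified `kal-manage` or `expect` packages. If the flag was added because the archive providing `kal-manage` is not yet trusted (an inference; the hunk does not say why), the safer fix is to install that archive's signing key before this line and keep `apt-get install -y kal-manage expect`. Separately, the new `sed` substitutions are not idempotent: on a retried hook `-days 365` matches inside `-days 3650` and `default_days = 365` inside `3650`, so each validity period is multiplied by ten again. Anchoring the number, for example `s%-days 365\b%-days 3650%g`, avoids that, and `mkdir -p $ca/{certs,crl,newcerts,private}` would keep a retry from failing under `set -e`. The hook's shebang is outside the hunk, so it cannot be confirmed from here that the script runs under bash, which the brace expansion needs.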