imapd

Daniel Mróz beorn at send.gromada.pl
Fri, 18 Jan 2002, 11:55:03 CET


On Fri, Jan 18, 2002 at 10:40:06 +0100, Andrzej Dopierała - Undefined wrote:
> then I generated a certificate with
> openssl req -new
And that's all? That's not much...

> I got privkey.pem
> I renamed it to imapd.pem and put it in /var/lib/openssl/certs/
> Unfortunately:
I wrote myself a few scripts for generating certificates.
To create a CA certificate:
------------------------------------------
#!/bin/sh


OUTFILE="${1}"
[ -z "${OUTFILE}" ] && OUTFILE=server

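# 1024-bit RSA key, encrypted with a 3DES passphrase (-des3).
# 1024 bits is too short for new keys today; use 2048 or more.
openssl genrsa -des3 -out "${OUTFILE}.key" 1024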
echo "*** Key saved in ${OUTFILE}.key file ***"

echo -n "Decrypt key file? [y/N] "
read USRANS
case "${USRANS}" in
   'y'|'Y')
      openssl rsa -in "${OUTFILE}.key" -out "${OUTFILE}.key.unsecure"
      mv "${OUTFILE}.key.unsecure" "${OUTFILE}.key"
      echo "*** Key file is unencrypted!!! ***"
      ;;
   *)
      echo "*** Key file is encrypted ***"
      ;;
esac

openssl req -new -x509 -days 365 -key "${OUTFILE}.key" -out "${OUTFILE}.crt"
echo "*** Self signed certificate saved in ${OUTFILE}.crt ***"
------------------------------------------

For generating client certificates:
------------------------------------------
#!/bin/sh


OUTFILE="${1}"
[ -z "${OUTFILE}" ] && OUTFILE=server

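# 1024-bit RSA key, encrypted with a 3DES passphrase (-des3).
# 1024 bits is too short for new keys today; use 2048 or more.
openssl genrsa -des3 -out "${OUTFILE}.key" 1024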
echo "*** Key saved in ${OUTFILE}.key file ***"

echo -n "Decrypt key file? [y/N] "
read USRANS
case "${USRANS}" in
   'y'|'Y')
      openssl rsa -in "${OUTFILE}.key" -out "${OUTFILE}.key.unsecure"
      mv "${OUTFILE}.key.unsecure" "${OUTFILE}.key"
      echo "*** Key file is unencrypted!!! ***"
      ;;
   *)
      echo "*** Key file is encrypted ***"
      ;;
esac

openssl req -new -key "${OUTFILE}.key" -out "${OUTFILE}.csr"
echo "*** Certificate Signing Request saved in ${OUTFILE}.csr ***"

echo -n "Sign? [y/N] "
read USRANS
case "${USRANS}" in
   'y'|'Y')
      ./sign.sh "${OUTFILE}.csr"
      echo "*** Certificate saved in ${OUTFILE}.crt ***"
      echo -n "Merge? [y/N] "
      read USRANS
      case "${USRANS}" in
         'y'|'Y')
            cat "${OUTFILE}.crt" "${OUTFILE}.key" > "${OUTFILE}.pem"
            echo "*** Merged certificate saved in ${OUTFILE}.pem ***"
            ;;
         *)
            echo "*** Certificate not merged ***"
            ;;
      esac
      ;;
   *)
      echo "*** Certificate not signed ***"
      ;;
esac

echo -n "Bundle? [y/N] "
read USRANS
case "${USRANS}" in
   'y'|'Y')
      tar -cjf "${OUTFILE}-cert.tar.bz2"  \
               "${OUTFILE}.crt"           \
               "${OUTFILE}.key"           \
               "${OUTFILE}.csr"           \
               "${OUTFILE}.pem"
      rm -f "${OUTFILE}.crt" "${OUTFILE}.key" "${OUTFILE}.csr" "${OUTFILE}.pem"
      echo "*** Bundled in ${OUTFILE}-cert.tar.bz2 ***"
      ;;
   *)
      echo -e "*** Created files:\n\t${OUTFILE}.key\n\t${OUTFILE}.csr\n\t${OUTFILE}.crt\n\t${OUTFILE}.pem"
      ;;
esac
--------------------------------------------
The sign.sh script is in apache-mod_ssl.

Oh, right... My English is a bit shaky, so please don't laugh at the
messages... :)


Regards
Beorn

-- 
----------------------------------------------------------------------
Daniel `Beorn' Mróz      <beorn at alpha.pl>      http://127.0.0.1/beorn
GCS/E d-(pu) s-:- a--@ C++++ UL++++$ P+++ L+++ E--- X W+>++ N+++ o? K-
w--- O M- V- PS PE- !Y PGP+ t- 5- R tv-- b+ DI++ D+++ G++ e h+ r--- y?
----------------------------------------------------------------------
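
Added example, not part of the original message: a check that a combined file such as the `${OUTFILE}.pem` built with `cat crt key` above really holds both a certificate and a private key, whether that key is still passphrase-encrypted, and whether an unencrypted key sits in a file others can read. The helper name `pem_check` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# pem_check FILE (hypothetical helper name, not from the original message)
# Prints one word for a combined PEM file and returns a matching status:
#   ok            0  certificate + unencrypted key, file private to owner
#   encrypted-key 1  key needs a passphrase every time it is loaded
#   no-cert       2  no certificate block (e.g. a bare privkey.pem renamed)
#   no-key        3  no private key block
#   exposed-key   4  unencrypted key in a group- or world-readable file
pem_check() {
    f="$1"
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" || { echo no-cert; return 2; }
    grep -q -E -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$f" ||
        { echo no-key; return 3; }
    # Traditional keys flag encryption in a header line, PKCS#8 in the label.
    if grep -q -e 'Proc-Type: 4,ENCRYPTED' -e 'BEGIN ENCRYPTED PRIVATE KEY' "$f"
    then echo encrypted-key; return 1
    fi
    if [ -n "$(find "$f" \( -perm -040 -o -perm -004 \))" ]
    then echo exposed-key; return 4
    fi
    echo ok
}

# Constructed sample files: placeholder bodies, not real keys or certificates.
demo_dir=$(mktemp -d)
cert='-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----'
key='-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----'
enc='-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----'
( umask 077   # owner-only files, as a key file should be
  printf '%s\n' "$key"         > "$demo_dir/keyonly.pem"
  printf '%s\n' "$cert" "$enc" > "$demo_dir/encrypted.pem"
  printf '%s\n' "$cert" "$key" > "$demo_dir/merged.pem" )
printf '%s\n' "$cert" "$key" > "$demo_dir/loose.pem"
chmod 644 "$demo_dir/loose.pem"
for n in keyonly encrypted merged loose; do
    printf '%s: ' "$n"; pem_check "$demo_dir/$n.pem" || true
done
```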



More information about the pld-users-pl mailing list