#!/bin/sh # Generates a self-signed certificate. # Edit ocspd.cnf before running this. OPENSSL=${OPENSSL-openssl} SSLDIR=${SSLDIR-/etc/ssl/ocspd} OPENSSLCONFIG=${OPENSSLCONFIG-$SSLDIR/ocspd.cnf} CERTFILE=$SSLDIR/certs/ocspd_cert.pem KEYFILE=$SSLDIR/private/ocspd_key.pem if [ ! -d $SSLDIR/certs ]; then echo "$SSLDIR/certs directory doesn't exist" fi if [ ! -d $SSLDIR/private ]; then echo "$SSLDIR/private directory doesn't exist" fi if [ -f $CERTFILE ]; then echo "$CERTFILE already exists, won't overwrite" exit 1 fi if [ -f $KEYFILE ]; then echo "$KEYFILE already exists, won't overwrite" exit 1 fi $OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2 chown ocspd:ocspd $CERTFILE $KEYFILE chmod 0600 $CERTFILE $KEYFILE echo $OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2