Commit 7e726e9c authored by Patrick J Cherry's avatar Patrick J Cherry

common: Added Makefile for SSL cert generation + combination

parent b46b104c
symbiosis-common (2015:1103) stable; urgency=medium
* Added Makefile in /etc/ssl to generate certificate, key, and combined form
of certificate and bundle, which is required for the email servers.
-- Patrick J Cherry <patrick@bytemark.co.uk> Tue, 03 Nov 2015 17:21:51 +0000
symbiosis-common (2015:1027) stable; urgency=medium
* Added Symbiosis::Host#fqdn method.
......
......@@ -2,3 +2,4 @@ bin usr/
sbin usr/
test.d etc/symbiosis/
sudoers.d etc/
ssl etc/
......@@ -85,23 +85,8 @@ if ! [ -e /etc/ssl/ssl.crt -a -e /etc/ssl/ssl.key ]; then
[ -e /etc/ssl/ssl.$i ] && mv /etc/ssl/ssl.$i /etc/ssl/ssl.$i.dpkg-old
done
if [ -n "$HOSTNAME" ] ; then
#
# Make the cert + key
#
echo "I: Generating a new SSL certificate for $HOSTNAME"
openssl req -subj "/C=GB/ST=England/L=York/CN=$HOSTNAME" -new -x509 -days 3650 -nodes -out /etc/ssl/ssl.crt -keyout /etc/ssl/ssl.key
#
# Combine Cert + Key
#
cat /etc/ssl/ssl.key /etc/ssl/ssl.crt > /etc/ssl/ssl.combined
else
#
# No hostname, no certificate
#
echo "W: Could not work out hostname to generate a self-signed SSL certificate."
fi
cd /etc/ssl && make check || true
fi
#DEBHELPER#
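Review bot: The replacement line `cd /etc/ssl && make check || true` swallows every failure of the new path, so a missing `make` binary (this commit does not show a Depends change in debian/control — worth confirming it exists), an unset hostname inside the Makefile, or a failed `openssl req` all leave the package configured with no certificate and only a stdout message to show for it; the old branch at least reported the no-hostname case explicitly. Suggest surfacing the failure on stderr without failing configure: `cd /etc/ssl && make check || echo "W: SSL certificate generation/check failed; run 'make -C /etc/ssl check' to see why" >&2`. Note also that the Makefile's `ssl.combined` rule in this commit builds certificate plus bundle, whereas the removed `cat ssl.key ssl.crt > ssl.combined` produced key plus certificate, so any consumer that relied on the key being in ssl.combined should be checked. The enclosing `if ! [ -e /etc/ssl/ssl.crt -a -e /etc/ssl/ssl.key ]` block begins before this hunk.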
......
# hostname := $(shell hostname -f)
tempext := symbiosis.$(shell echo $$$$)
check: ssl.combined ssl.crt ssl.key
@if [ "$$(openssl x509 -noout -modulus -in ssl.crt)" = "$$(openssl rsa -noout -modulus -in ssl.key)" ] ; then \
echo "I: Successfully verified that ssl.key matches ssl.crt." ; \
else \
echo "W: The key in ssl.key does not work for ssl.crt." ; \
fi
@if ( openssl verify -CAfile ssl.combined ssl.combined 2>&1 > /dev/null ) ; then \
echo "I: Successfully verified $<."; \
else \
echo "W: Warning: Cannot verify $< -- maybe a bundle is missing?" ; \
fi
ssl.crt:
@if [ -z "$(hostname)" ] ; then \
echo "W: Could not determine hostname"; \
exit 1 ; \
fi
@openssl req -subj "/C=GB/ST=England/L=York/CN=$(hostname)" -new \
-x509 -days 3650 -nodes -out ssl.crt.$(tempext) -newkey rsa:2048 \
-keyout ssl.key.$(tempext) -sha256 > /dev/null
@mv ssl.crt.$(tempext) ssl.crt
@mv ssl.key.$(tempext) ssl.key
@echo "I: Created a self-signed certificate and key."
ssl.key: ssl.crt
ssl.combined: ssl.crt
@cp $< ssl.combined.$(tempext)
@if ( openssl x509 -in ssl.bundle -noout > /dev/null 2>&1 ) ; then \
if ( openssl verify -CAfile ssl.bundle $< > /dev/null 2>&1 ) ; then \
cat ssl.bundle >> ssl.combined.$(tempext) ; \
else \
echo "W: Cannot verify $< using ssl.bundle." ; \
fi ; \
fi
#
# Check to see if the combined cert can verify itself
#
@mv ssl.combined.$(tempext) ssl.combined
@echo "I: Created combined bundle and certificate."
clean:
@$(RM) -v ssl.crt.symbiosis.[0-9]* ssl.key.symbiosis.[0-9]* ssl.combined.symbiosis.[0-9]*
.PHONY: clean
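Review bot: The `ssl.crt` recipe writes the private key to `ssl.key.$(tempext)` and then `mv`s it into place without ever restricting its mode, so with older OpenSSL releases that do not create key files 0600 themselves the key ends up with umask-default (typically world-readable) permissions in /etc/ssl; since each recipe line runs in its own shell, the umask must sit on the same line, e.g. `@umask 077; openssl req -subj "/C=GB/ST=England/L=York/CN=$(hostname)" -new \`. Separately, if the leading `#` on `# hostname := $(shell hostname -f)` is in the committed file rather than a rendering artefact, `$(hostname)` is empty unless passed on the command line or inherited from the environment, and the postinst's bare `make check` will always hit the "Could not determine hostname" branch. The empty rule `ssl.key: ssl.crt` also means a deleted ssl.key is never regenerated while ssl.crt still exists, and `check` is not listed in `.PHONY`.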