| #!/bin/sh |
| |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| |
| # Generate a test certificate |
| here=`echo "import os; print os.path.realpath('$0')" | python`; here=`dirname $here` |
| mkdir -p $1 |
| root=`echo "import os; print os.path.realpath('$1')" | python` |
| |
| host=$2 |
| if [ "$3" != "" ]; then |
| certname=$3 |
| else |
| certname="server" |
| fi |
| |
| # Don't regenerate the certificate if it already exists |
| if [ -f $root/cert/$certname.crt ]; then |
| exit 0 |
| fi |
| |
| # Generate openssl configuration |
| mkdir -p $root/cert |
| umask 0007 |
| cat >$root/cert/openssl-cert-$certname.conf <<EOF |
| [ req ] |
| default_bits = 1024 |
| encrypt_key = no |
| prompt = no |
| distinguished_name = req_distinguished_name |
| |
| [ req_distinguished_name ] |
| C = US |
| ST = CA |
| L = San Francisco |
| O = $host |
| OU = $certname |
| CN = $host |
| emailAddress = admin@$host |
| EOF |
| |
| # Generate a certificate request |
| openssl req -new -config $root/cert/openssl-cert-$certname.conf -out $root/cert/$certname-req.crt -keyout $root/cert/$certname.key |
| |
| # Generate a certificate, signed with our test certification authority certificate |
| openssl ca -batch -config $root/cert/openssl-ca.conf -out $root/cert/$certname.crt -infiles $root/cert/$certname-req.crt |
| |
| # Export it to PKCS12 format, that's the format Web browsers want to import |
| openssl pkcs12 -export -passout pass: -out $root/cert/$certname.p12 -inkey $root/cert/$certname.key -in $root/cert/$certname.crt -certfile $root/cert/ca.crt |
| |
| # Convert the certificate to PEM format and concatenate the key to it, for use |
| # by mod_proxy |
| openssl x509 -in $root/cert/$certname.crt -out $root/cert/$certname.pem |
| cat $root/cert/$certname.key >> $root/cert/$certname.pem |
| |
| # Add to the hash directory and rehash |
| mkdir -p $root/cert/hash |
| cp $root/cert/$certname.crt $root/cert/hash |
| cp $root/cert/$certname.pem $root/cert/hash |
| perl /usr/bin/c_rehash $root/cert/hash |
| |