modules/http/ssl-cert-conf - tuscany-sca-cpp - Git at Google

 #!/bin/sh

 #  Licensed to the Apache Software Foundation (ASF) under one
 #  or more contributor license agreements.  See the NOTICE file
 #  distributed with this work for additional information
 #  regarding copyright ownership.  The ASF licenses this file
 #  to you under the Apache License, Version 2.0 (the
 #  "License"); you may not use this file except in compliance
 #  with the License.  You may obtain a copy of the License at
 #
 #    http://www.apache.org/licenses/LICENSE-2.0
 #
 #  Unless required by applicable law or agreed to in writing,
 #  software distributed under the License is distributed on an
 #  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 #  KIND, either express or implied.  See the License for the
 #  specific language governing permissions and limitations
 #  under the License.

 # Generate a test certificate
 here=`echo "import os; print os.path.realpath('$0')" | python`; here=`dirname $here`
 mkdir -p $1
 root=`echo "import os; print os.path.realpath('$1')" | python`

 host=$2
 if [ "$3" != "" ]; then
     certname=$3
 else
     certname="server"
 fi

 # Don't regenerate the certificate if it already exists
 if [ -f $root/cert/$certname.crt ]; then
     exit 0
 fi

 # Generate openssl configuration
 mkdir -p $root/cert
 umask 0007
 cat >$root/cert/openssl-cert-$certname.conf <<EOF
 [ req ]
 default_bits = 1024
 encrypt_key = no
 prompt = no
 distinguished_name = req_distinguished_name

 [ req_distinguished_name ]
 C = US
 ST = CA
 L = San Francisco
 O = $host
 OU = $certname
 CN = $host
 emailAddress = admin@$host
 EOF

 # Generate a certificate request
 openssl req -new -config $root/cert/openssl-cert-$certname.conf -out $root/cert/$certname-req.crt -keyout $root/cert/$certname.key

 # Generate a certificate, signed with our test certification authority certificate
 openssl ca -batch -config $root/cert/openssl-ca.conf -out $root/cert/$certname.crt -infiles $root/cert/$certname-req.crt

 # Export it to PKCS12 format, that's the format Web browsers want to import
 openssl pkcs12 -export -passout pass: -out $root/cert/$certname.p12 -inkey $root/cert/$certname.key -in $root/cert/$certname.crt -certfile $root/cert/ca.crt

 # Convert the certificate to PEM format and concatenate the key to it, for use
 # by mod_proxy
 openssl x509 -in $root/cert/$certname.crt -out $root/cert/$certname.pem
 cat $root/cert/$certname.key >> $root/cert/$certname.pem

 # Add to the hash directory and rehash
 mkdir -p $root/cert/hash
 cp $root/cert/$certname.crt $root/cert/hash
 cp $root/cert/$certname.pem $root/cert/hash
 perl /usr/bin/c_rehash $root/cert/hash
	#!/bin/sh

	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing,
	# software distributed under the License is distributed on an
	# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	# KIND, either express or implied. See the License for the
	# specific language governing permissions and limitations
	# under the License.

	# Generate a test certificate
	here=`echo "import os; print os.path.realpath('$0')" \| python`; here=`dirname $here`
	mkdir -p $1
	root=`echo "import os; print os.path.realpath('$1')" \| python`

	host=$2
	if [ "$3" != "" ]; then
	certname=$3
	else
	certname="server"
	fi

	# Don't regenerate the certificate if it already exists
	if [ -f $root/cert/$certname.crt ]; then
	exit 0
	fi

	# Generate openssl configuration
	mkdir -p $root/cert
	umask 0007
	cat >$root/cert/openssl-cert-$certname.conf <<EOF
	[ req ]
	default_bits = 1024
	encrypt_key = no
	prompt = no
	distinguished_name = req_distinguished_name

	[ req_distinguished_name ]
	C = US
	ST = CA
	L = San Francisco
	O = $host
	OU = $certname
	CN = $host
	emailAddress = admin@$host
	EOF

	# Generate a certificate request
	openssl req -new -config $root/cert/openssl-cert-$certname.conf -out $root/cert/$certname-req.crt -keyout $root/cert/$certname.key

	# Generate a certificate, signed with our test certification authority certificate
	openssl ca -batch -config $root/cert/openssl-ca.conf -out $root/cert/$certname.crt -infiles $root/cert/$certname-req.crt

	# Export it to PKCS12 format, that's the format Web browsers want to import
	openssl pkcs12 -export -passout pass: -out $root/cert/$certname.p12 -inkey $root/cert/$certname.key -in $root/cert/$certname.crt -certfile $root/cert/ca.crt

	# Convert the certificate to PEM format and concatenate the key to it, for use
	# by mod_proxy
	openssl x509 -in $root/cert/$certname.crt -out $root/cert/$certname.pem
	cat $root/cert/$certname.key >> $root/cert/$certname.pem

	# Add to the hash directory and rehash
	mkdir -p $root/cert/hash
	cp $root/cert/$certname.crt $root/cert/hash
	cp $root/cert/$certname.pem $root/cert/hash
	perl /usr/bin/c_rehash $root/cert/hash