bike/Yellow-Bike-Database-Mirror
1
0
Fork 0
mirror of https://github.com/fspc/Yellow-Bike-Database.git synced 2025-02-22 00:53:22 -05:00
Code Issues Projects Releases Wiki Activity

format

Browse Source
This commit is contained in:
Jonathan Rosenbaum 2018-01-04 06:32:48 +00:00
parent 38d66155c8
commit 33cc14cdb0
1 changed files with 45 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
examples/secure-terminals.txt
View File

@ -25,53 +25,53 @@ openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 36500 -out rootCA.pem openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 36500 -out rootCA.pem
create this file - v3.ext: create this file - v3.ext:
authorityKeyIdentifier=keyid,issuer authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names subjectAltName = @alt_names
[alt_names] [alt_names]
DNS.1 = %%DOMAIN%% DNS.1 = %%DOMAIN%%
Run this script in same directory as v3.ext file: Run this script in same directory as v3.ext file:
if [ -z "$1" ] if [ -z "$1" ]
then then
echo "Please supply a domain to create a certificate for"; echo "Please supply a domain to create a certificate for";
echo "e.g. mysite.com" echo "e.g. mysite.com"
exit; exit;
fi fi
# Create a new private key if one doesnt exist, or use the existing one if it does # Create a new private key if one doesnt exist, or use the existing one if it does
if [ -f device.key ]; then if [ -f device.key ]; then
KEY_OPT="-key" KEY_OPT="-key"
else else
KEY_OPT="-keyout" KEY_OPT="-keyout"
fi fi
DOMAIN=$1 DOMAIN=$1
COMMON_NAME=${2:-*.$1} COMMON_NAME=${2:-*.$1}
SUBJECT="/C=CA/ST=None/L=NB/O=None/CN=$COMMON_NAME" SUBJECT="/C=CA/ST=None/L=NB/O=None/CN=$COMMON_NAME"
NUM_OF_DAYS=36500 NUM_OF_DAYS=36500
openssl req -new -newkey rsa:2048 -sha256 -nodes $KEY_OPT device.key -subj "$SUBJECT" -out device.csr openssl req -new -newkey rsa:2048 -sha256 -nodes $KEY_OPT device.key -subj "$SUBJECT" -out device.csr
cat v3.ext | sed s/%%DOMAIN%%/$COMMON_NAME/g > /tmp/__v3.ext cat v3.ext | sed s/%%DOMAIN%%/$COMMON_NAME/g > /tmp/__v3.ext
openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days $NUM_OF_DAYS -sha256 -extfile /tmp/__v3.ext openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days $NUM_OF_DAYS -sha256 -extfile /tmp/__v3.ext
# move output files to final filenames # move output files to final filenames
mv device.csr $DOMAIN.csr mv device.csr $DOMAIN.csr
cp device.crt $DOMAIN.crt cp device.crt $DOMAIN.crt
# remove temp file # remove temp file
rm -f device.crt; rm -f device.crt;
echo echo
echo "###########################################################################" echo "###########################################################################"
echo Done! echo Done!
echo "###########################################################################" echo "###########################################################################"
echo "To use these files on your server, simply copy both $DOMAIN.csr and" echo "To use these files on your server, simply copy both $DOMAIN.csr and"
echo "device.key to your webserver, and use like so (if Apache, for example)" echo "device.key to your webserver, and use like so (if Apache, for example)"
echo echo
echo " SSLCertificateFile /path_to_your_files/$DOMAIN.crt" echo " SSLCertificateFile /path_to_your_files/$DOMAIN.crt"
echo " SSLCertificateKeyFile /path_to_your_files/device.key" echo " SSLCertificateKeyFile /path_to_your_files/device.key"
II. cp device.key /etc/ssl/private/ssl-cert-snakeoil.key II. cp device.key /etc/ssl/private/ssl-cert-snakeoil.key