joelverhagen · August 10, 2012 16:46
diff --git a/generate_cert.sh b/generate_cert.sh

 #!/bin/bash

 # ensure the script is running as root
 if [ "$(id -u)" != "0" ]; then
  echo "This script must be run as root." 1>&2
  exit 1
 fi

 NAME=${1:-self-signed}

 KEY_FILE_SOURCE=`mktemp`
 CSR_FILE_SOURCE=`mktemp`
 CRT_FILE_SOURCE=`mktemp`
 DER_FILE_SOURCE=`mktemp`

 echo "Generating private key."
 echo "================================================================"
 openssl genrsa -out $KEY_FILE_SOURCE 1024
 echo "================================================================"
 echo

 echo "Generating certificate signing request."
 echo "================================================================"
 openssl req -new -key $KEY_FILE_SOURCE -out $CSR_FILE_SOURCE
 echo "================================================================"
 echo

 echo "Generating self-signed certificate."
 echo "================================================================"
 openssl x509 -req -days 365 -in $CSR_FILE_SOURCE -signkey $KEY_FILE_SOURCE -out $CRT_FILE_SOURCE
 echo "================================================================"
 echo

 # we don't need the CSR file anymore
 rm $CSR_FILE_SOURCE

 echo "Generating certificate in DER format."
 echo "================================================================"
 openssl x509 -outform der -in $CRT_FILE_SOURCE -out $DER_FILE_SOURCE
 echo '(done)'
 echo "================================================================"
 echo

 echo "Automatic installation assumes that following:"
 echo "- the private key is stored at /etc/ssl/private/ssl-cert-snakeoil.key"
 echo "- the certificate is stored at /etc/ssl/certs/ssl-cert-snakeoil.pem"
 echo
 echo -n "Would you like to automatically install the private key and certificate? (Y/n) "
 read install

 if [ "$install" == "Y" ]; then
  KEY_FILE_DESTINATION=/etc/ssl/private/ssl-cert-snakeoil.key
  CRT_FILE_DESTINATION=/etc/ssl/certs/ssl-cert-snakeoil.pem

  echo "The old private key has been backed up to $KEY_FILE_DESTINATION.old"
  mv $KEY_FILE_DESTINATION $KEY_FILE_DESTINATION.old
  echo "The old certificate has been backed up to $KEY_FILE_DESTINATION.old"
  mv $CRT_FILE_DESTINATION $CRT_FILE_DESTINATION.old
 else
  KEY_FILE_DESTINATION=./${NAME}.key
  CRT_FILE_DESTINATION=./${NAME}.pem
 fi

 mv $KEY_FILE_SOURCE $KEY_FILE_DESTINATION
 echo "The private key has been placed at $KEY_FILE_DESTINATION"

 mv $CRT_FILE_SOURCE $CRT_FILE_DESTINATION
 echo "The certificate has been placed at $CRT_FILE_DESTINATION"

 mv $DER_FILE_SOURCE ./${NAME}.der
 echo "The DER certificate has been placed at ./$NAME.der"

 if [ "$install" == "Y" ]; then
  echo
  echo "Restarting Apache."
  echo "================================================================"
  service apache2 restart
  echo "================================================================"
 fi

	#!/bin/bash

	# ensure the script is running as root
	if [ "$(id -u)" != "0" ]; then
	echo "This script must be run as root." 1>&2
	exit 1
	fi

	NAME=${1:-self-signed}

	KEY_FILE_SOURCE=`mktemp`
	CSR_FILE_SOURCE=`mktemp`
	CRT_FILE_SOURCE=`mktemp`
	DER_FILE_SOURCE=`mktemp`

	echo "Generating private key."
	echo "================================================================"
	openssl genrsa -out $KEY_FILE_SOURCE 1024
	echo "================================================================"
	echo

	echo "Generating certificate signing request."
	echo "================================================================"
	openssl req -new -key $KEY_FILE_SOURCE -out $CSR_FILE_SOURCE
	echo "================================================================"
	echo

	echo "Generating self-signed certificate."
	echo "================================================================"
	openssl x509 -req -days 365 -in $CSR_FILE_SOURCE -signkey $KEY_FILE_SOURCE -out $CRT_FILE_SOURCE
	echo "================================================================"
	echo

	# we don't need the CSR file anymore
	rm $CSR_FILE_SOURCE

	echo "Generating certificate in DER format."
	echo "================================================================"
	openssl x509 -outform der -in $CRT_FILE_SOURCE -out $DER_FILE_SOURCE
	echo '(done)'
	echo "================================================================"
	echo

	echo "Automatic installation assumes that following:"
	echo "- the private key is stored at /etc/ssl/private/ssl-cert-snakeoil.key"
	echo "- the certificate is stored at /etc/ssl/certs/ssl-cert-snakeoil.pem"
	echo
	echo -n "Would you like to automatically install the private key and certificate? (Y/n) "
	read install

	if [ "$install" == "Y" ]; then
	KEY_FILE_DESTINATION=/etc/ssl/private/ssl-cert-snakeoil.key
	CRT_FILE_DESTINATION=/etc/ssl/certs/ssl-cert-snakeoil.pem

	echo "The old private key has been backed up to $KEY_FILE_DESTINATION.old"
	mv $KEY_FILE_DESTINATION $KEY_FILE_DESTINATION.old
	echo "The old certificate has been backed up to $KEY_FILE_DESTINATION.old"
	mv $CRT_FILE_DESTINATION $CRT_FILE_DESTINATION.old
	else
	KEY_FILE_DESTINATION=./${NAME}.key
	CRT_FILE_DESTINATION=./${NAME}.pem
	fi

	mv $KEY_FILE_SOURCE $KEY_FILE_DESTINATION
	echo "The private key has been placed at $KEY_FILE_DESTINATION"

	mv $CRT_FILE_SOURCE $CRT_FILE_DESTINATION
	echo "The certificate has been placed at $CRT_FILE_DESTINATION"

	mv $DER_FILE_SOURCE ./${NAME}.der
	echo "The DER certificate has been placed at ./$NAME.der"

	if [ "$install" == "Y" ]; then
	echo
	echo "Restarting Apache."
	echo "================================================================"
	service apache2 restart
	echo "================================================================"
	fi