Bug#175849: Acknowledgement (apache-ssl: SSL_accept failed for IE on Mac)

[debdev@Tonelli.sns.it (Andrea Mennucc)]

sorry for the bogosity

here is the right and correct  ssl-certificate

a.

-- 
Andrea Mennucc
 "E' un mondo difficile. Che vita intensa!" (Tonino Carotone)

#!/bin/sh 

set -e

export RANDFILE=/dev/random

[ "$CERTDIR" ] || CERTDIR=/etc/apache-ssl
[ "$CERTNAME" ] || CERTNAME=$CERTDIR/apache.pem

if [ "$1" != "--force" -a -f $CERTNAME ]; then
  echo "$CERTNAME exists!  Use \"$0 --force.\""
  exit 0
fi

if [ "$1" = "--force" ]; then
  shift
fi     

echo
echo creating selfsigned certificate
echo "replace it with one signed by a certification authority (CA)"
echo
echo enter your ServerName at the Common Name prompt
echo
echo If you want your certificate to expire after x days call this programm 
echo with "-days x" 



T=`tempfile`

#stolen from sslwrap
country="US"
state=""
locality=""
organization=""
unit=""
hostname=`hostname -f`
email="webmaster@"`hostname -f`
[ -r /etc/sslwrap/debian_config ] && source /etc/sslwrap/debian_config


awk '
/commonName.*=.*YOUR.*/\
{$0="commonName = server name (eg. ssl.domain.tld; required!!!)\ncommonName_default='"$hostname"'"}
/0.organizationName_default/\
{$0="0.organizationName_default	='"$organization"'"}
/countryName_default/\
{$0="countryName_default='"$country"'"}
/stateOrProvinceName_default/\
{$0="stateOrProvinceName_default='"$state"'"}
//{print}'  /usr/lib/ssl/openssl.cnf   > $T

openssl req $@ -config  $T \
  -new -x509 -nodes -out $CERTNAME~new  -keyout $CERTNAME~new

chmod 600  $CERTNAME~new

openssl verify $CERTNAME~new

ln -sf $CERTNAME   $CERTDIR/`/usr/bin/openssl \
  x509 -noout -hash < $CERTNAME~new `.0

#move only if everything went OK
mv -b $CERTNAME~new $CERTNAME
rm $T