Bug#175849: Acknowledgement (apache-ssl: SSL_accept failed for IE on Mac)
sorry for the bogosity
here is the right and correct ssl-certificate
a.
--
Andrea Mennucc
"E' un mondo difficile. Che vita intensa!" (Tonino Carotone)
#!/bin/sh
set -e
export RANDFILE=/dev/random
[ "$CERTDIR" ] || CERTDIR=/etc/apache-ssl
[ "$CERTNAME" ] || CERTNAME=$CERTDIR/apache.pem
if [ "$1" != "--force" -a -f $CERTNAME ]; then
echo "$CERTNAME exists! Use \"$0 --force.\""
exit 0
fi
if [ "$1" = "--force" ]; then
shift
fi
echo
echo creating selfsigned certificate
echo "replace it with one signed by a certification authority (CA)"
echo
echo enter your ServerName at the Common Name prompt
echo
echo If you want your certificate to expire after x days call this programm
echo with "-days x"
T=`tempfile`
#stolen from sslwrap
country="US"
state=""
locality=""
organization=""
unit=""
hostname=`hostname -f`
email="webmaster@"`hostname -f`
[ -r /etc/sslwrap/debian_config ] && source /etc/sslwrap/debian_config
awk '
/commonName.*=.*YOUR.*/\
{$0="commonName = server name (eg. ssl.domain.tld; required!!!)\ncommonName_default='"$hostname"'"}
/0.organizationName_default/\
{$0="0.organizationName_default ='"$organization"'"}
/countryName_default/\
{$0="countryName_default='"$country"'"}
/stateOrProvinceName_default/\
{$0="stateOrProvinceName_default='"$state"'"}
//{print}' /usr/lib/ssl/openssl.cnf > $T
openssl req $@ -config $T \
-new -x509 -nodes -out $CERTNAME~new -keyout $CERTNAME~new
chmod 600 $CERTNAME~new
openssl verify $CERTNAME~new
ln -sf $CERTNAME $CERTDIR/`/usr/bin/openssl \
x509 -noout -hash < $CERTNAME~new `.0
#move only if everything went OK
mv -b $CERTNAME~new $CERTNAME
rm $T
Reply to: