Slightly extending ssl-cert package capabilities
I am building packages for nufw , which require that I generate both
a SSL key and certificate. This is a pain to do with openssl, and it
cannot be done directly (in my understanding) by using the make-ssl-cert
: that command can only (in my understanding) generate a key.
Would you accept a patch on make-ssl-cert so that if it is given a 3rd
argument, that will be considered a certificate file to generate?
Such a patch would make it so that make-ssl-cert will behave as it
currently does, when called with 2 args. When called with 3 args, it
would run something like :
"openssl req -config $TMPFILE -new -x509 -nodes \
-keyout $output -pubkey -out $cert -days 1095"
(No certificate authority in this, anyway administrators that need to
use some use their own and are therefore out of the packaging system).
Right now, I have had to copy/paste the content of make-ssl-cert in my
postinst script, and modify the call to openssl. Yucks!
PS : I only looked at sarge packages for now, sorry if I'm totally
has-been on this.