[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Slightly extending ssl-cert package capabilities


I am building packages for nufw [1], which require that I generate both
a SSL key and certificate. This is a pain to do with openssl, and it
cannot be done directly (in my understanding) by using the make-ssl-cert
: that command can only (in my understanding) generate a key.

Would you accept a patch on make-ssl-cert so that if it is given a 3rd
argument, that will be considered a certificate file to generate?

Such a patch would make it so that make-ssl-cert will behave as it
currently does, when called with 2 args. When called with 3 args, it
would run something like :
"openssl req -config $TMPFILE -new -x509 -nodes \
    -keyout $output -pubkey -out $cert -days 1095"

(No certificate authority in this, anyway administrators that need to
use some use their own and are therefore out of the packaging system).

Right now, I have had to copy/paste the content of make-ssl-cert in my
postinst script, and modify the call to openssl. Yucks!



PS : I only looked at sarge packages for now, sorry if I'm totally
has-been on this.

Reply to: