
Bug#395823: working script and missing configuration file



Yesterday I stumbled upon this missing script
(apache2-ssl-certificate) of apache2.2-common. I found that neither
of the (partial) solutions posted to this bug report worked.

My solution was then to cherry-pick from a sarge system the script and
the needed configuration file (/usr/share/apache2/ssleay.cnf), which is
also missing from apache2.2-common.

For further reference, I attach the two files to this mail. To be used
out of the box, ssleay.cnf should be put under /root/etc/.

Cheers.

-- 
Stefano Zacchiroli -*- Computer Science PhD student @ Uny Bologna, Italy
zack@{cs.unibo.it,debian.org,bononia.it} -%- http://www.bononia.it/zack/
(15:56:48)  Zack: e la demo dema ?    /\    All one has to do is hit the
(15:57:15)  Bac: no, la demo scema    \/    right keys at the right time

#!/bin/sh -e

# refuse to overwrite an existing key/certificate unless --force is given
if [ "$1" != "--force" ] && [ -f /etc/apache2/ssl/apache.pem ]; then
  echo "/etc/apache2/ssl/apache.pem exists!  Use \"$0 --force.\""
  exit 0
fi

if [ "$1" = "--force" ]; then
  shift
fi

echo
echo creating selfsigned certificate
echo "replace it with one signed by a certification authority (CA)"
echo
echo enter your ServerName at the Common Name prompt
echo
echo If you want your certificate to expire after x days call this program
echo with "-days x"

# use special .cnf, because with normal one no valid selfsigned
# certificate is created

export RANDFILE=/dev/random
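# "$@" passes extra options (e.g. -days x) through to openssl unsplit;
# -nodes leaves the private key unencrypted, hence the chmod 600 below
openssl req "$@" -config /root/etc/ssleay.cnf \
  -new -x509 -nodes -out /etc/apache2/ssl/apache.pem \
  -keyout /etc/apache2/ssl/apache.pem
chmod 600 /etc/apache2/ssl/apache.pem
# link the certificate under its subject hash so OpenSSL lookups find it
ln -sf /etc/apache2/ssl/apache.pem \
  "/etc/apache2/ssl/$(/usr/bin/openssl \
  x509 -noout -hash < /etc/apache2/ssl/apache.pem).0"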

#
# SSLeay example configuration file.
#

RANDFILE                = $ENV::HOME/.rnd

[ req ]
default_bits            = 1024
default_keyfile         = privkey.pem
distinguished_name      = req_distinguished_name

[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = GB
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Some-State

localityName                    = Locality Name (eg, city)

organizationName                = Organization Name (eg, company; recommended)
organizationName_max            = 64

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_max      = 64

commonName                      = server name (eg. ssl.domain.tld; required!!!)
commonName_max                  = 64

emailAddress                    = Email Address
emailAddress_max                = 40

Attachment: signature.asc
Description: Digital signature
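
An added example, not part of the original mail or of the Debian package: a small audit of the two files above, checking the key size requested in the [ req ] section and that the combined key-plus-certificate PEM is owner-only. The function names are hypothetical and the 2048-bit floor is an assumed default; with it, the attached ssleay.cnf (default_bits = 1024) is reported.

```shell
#!/bin/sh
# Added example: audit an ssleay.cnf / apache.pem pair like the one above.
# Function names are hypothetical; the 2048-bit floor is an assumed default.

# Print default_bits from the [ req ] section only (other sections ignored).
cnf_default_bits() {
  awk -F= '
    /^[ \t]*\[/ { gsub(/[ \t]/, ""); sect = substr($0, 2, length($0) - 2); next }
    sect == "req" && $1 ~ /^[ \t]*default_bits[ \t]*$/ {
      gsub(/[ \t]/, "", $2); print $2; exit
    }' "$1"
}

# Succeed only for a regular (non-symlink) file with mode 600 or 400.
pem_mode_private() {
  [ -f "$1" ] && [ ! -L "$1" ] || return 1
  case "$(ls -ld "$1")" in
    -rw-------*|-r--------*) return 0 ;;
    *) return 1 ;;
  esac
}

# Succeed if the file carries both blocks that -out/-keyout write into it.
pem_has_key_and_cert() {
  grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" &&
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1"
}

# usage: audit_apache_ssl CNF PEM [MIN_BITS]; one finding per line, 0 if clean
audit_apache_ssl() {
  cnf=$1 pem=$2 min=${3:-2048} rc=0
  bits=$(cnf_default_bits "$cnf")
  case "$bits" in
    ''|*[!0-9]*) echo "cnf: no numeric default_bits in [ req ]"; rc=1 ;;
    *) [ "$bits" -ge "$min" ] ||
         { echo "cnf: default_bits=$bits < $min"; rc=1; } ;;
  esac
  pem_has_key_and_cert "$pem" ||
    { echo "pem: private key or certificate block missing"; rc=1; }
  pem_mode_private "$pem" ||
    { echo "pem: mode is not 600/400"; rc=1; }
  return "$rc"
}

# Run the audit when called with arguments, e.g.
#   sh audit.sh /root/etc/ssleay.cnf /etc/apache2/ssl/apache.pem
if [ "$#" -ge 2 ]; then audit_apache_ssl "$@"; fi
```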

