Re: LDAP authentication with PAM
Previously Rainer Clasen wrote:
> uhhm, is it?
Hmm, let's try again.
Wichert.
--
________________________________________________________________
/ Generally uninteresting signature - ignore at your convenience \
| wichert@cistron.nl http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
#! /bin/sh
# Trivial script to generate a CA key and a server key
# Uses 1024 bit RSA keys
set -e
##############################################################################
# Start by making the Certification Authority key
mkdir CA
cd CA
# First we make the key
openssl genrsa -out ca.key 1024
# Now we make the X.509 certificate signing request. User input is used here.
echo "*** Enter the data for the Certification Authority key"
openssl req -new -key ca.key -out ca.csr
# Generate the X.509 certificate, signed by itself. We are using a
# version 3 certificate here that will be valid for 14 days.
# Temporary file for the X.509 extension settings
tf=$(mktemp)
cat > "$tf" <<EOF
extensions = x509v3
[ x509v3 ]
subjectAltName = email:copy
basicConstraints = CA:true,pathlen:0
nsComment = "Dummy CA certificate"
nsCertType = sslCA
EOF
openssl x509 -extfile "$tf" -days 14 \
    -signkey ca.key -in ca.csr -req -out ca.crt
cd ..
##############################################################################
# Now we make the server keys
mkdir -p server
cd server
# Create a certificate serial# file
[ -f .serial ] || echo 01 > .serial
# Create the private key
openssl genrsa -out server.key 1024
# Create the X.509 certificate signing request
echo "*** Enter the data for the server key"
openssl req -new -key server.key -out server.csr
# Generate the X.509 certificate, signed by the CA key made above. We are
# using a version 3 certificate here that will be valid for 14 days.
cat > "$tf" <<EOF
extensions = x509v3
[ x509v3 ]
subjectAltName = email:copy
nsComment = "Dummy server certificate"
nsCertType = server
EOF
openssl x509 -extfile "$tf" -days 14 \
    -CAserial .serial -CA ../CA/ca.crt -CAkey ../CA/ca.key \
    -in server.csr -req -out server.crt
# Clean up
rm -f "$tf"