
New script: create-server-cert (in DATADIR/d-e-c/tool/)



Hi all,

I have just committed a very useful script to d-e-c that easily assists a site admin to create web server certificates for additional web (or whatever) servers on a Debian Edu network.

This script expects a host.domain name as first cmdline argument.

Usage: create-server-cert <server-name>.<server-domain>

Then, this script searches LDAP for the given host.domain name. It expects this host.domain name to have a DNS A record in LDAP (i.e. it is expected to be the IP's FQDN).

If a host is given matching the above criterion, this script extracts all CNAME records pointing at this host.domain FQDN from LDAP.

The FQDN and all CNAME aliases are then put into a temporary openssl.conf (and v3.conf) file and the script tries to create an SSL server certificate for the given host.

The created files will be stored in /etc/ssl/certs/<host>_<domain>.crt and
/etc/ssl/private/<host>_domain.key.

Limitations / ToDos:
  - the script expects A records and CNAME records to share the same
    domain

Please let me know what you think about this? (I dearly hope we haven't had such a script already).

light+love
Mike

--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
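
The name-collection step described in the message, as an added example that is not part of the original post and not the committed create-server-cert script: it checks that the FQDN has an A record, gathers the CNAME aliases pointing at it, and emits them as subjectAltName entries. The LDIF attribute layout (associatedDomain, aRecord, cNAMERecord), the function names and the sample hosts are assumptions constructed for illustration.

```sh
# Constructed sample LDIF. Assumed layout: one entry per name with
# associatedDomain plus aRecord or cNAMERecord; not data from the post.
sample_ldif() {
cat <<'EOF'
dn: dc=web01,dc=intern,ou=hosts,dc=example
associatedDomain: web01.intern
aRecord: 10.0.2.20

dn: dc=www,dc=intern,ou=hosts,dc=example
associatedDomain: www.intern
cNAMERecord: web01.intern

dn: dc=moodle,dc=intern,ou=hosts,dc=example
associatedDomain: moodle.intern
cNAMERecord: web01.intern

dn: dc=wiki,dc=intern,ou=hosts,dc=example
associatedDomain: wiki.intern
cNAMERecord: tjener.intern
EOF
}

# san_list FQDN < ldif: print "DNS:fqdn,DNS:alias,..."; fail if FQDN has no A record.
san_list() {
    # Reject anything but hostname characters: the value ends up in an OpenSSL config.
    case "$1" in ''|*[!A-Za-z0-9.-]*) return 2 ;; esac
    awk -v fqdn="$1" '
        BEGIN { RS = ""; FS = "\n"; fqdn = tolower(fqdn) }   # one LDIF entry per record
        {
            name = ""; has_a = 0; target = ""
            for (i = 1; i <= NF; i++) {
                p = index($i, ": "); if (!p) continue
                key = tolower(substr($i, 1, p - 1)); val = tolower(substr($i, p + 2))
                sub(/\.$/, "", val)                          # drop a trailing root dot
                if (key == "associateddomain") name = val
                else if (key == "arecord") has_a = 1
                else if (key == "cnamerecord") target = val
            }
            if (name == fqdn && has_a) found = 1
            else if (target == fqdn && name ~ /^[a-z0-9.-]+$/) aliases = aliases ",DNS:" name
        }
        END { if (!found) exit 1; print "DNS:" fqdn aliases }'
}
# v3_conf FQDN < ldif: print an X.509 v3 extension section carrying every name as a SAN.
v3_conf() {
    sans=$(san_list "$1") || return 1
    printf '[v3_req]\nbasicConstraints = CA:FALSE\nsubjectAltName = %s\n' "$sans"
}
sample_ldif | v3_conf web01.intern
```

The printed section can be saved to a file and passed to `openssl x509 -req` with `-extfile` and `-extensions v3_req` when the certificate is signed.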
