[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SPAM] Certificado SSL + openldap

Tive o mesmo problema. Para resolver peguei o pacote RPM do OpenLDAP-server do Mandriva, descompactei e isolei o gencert.sh. Comentei duas linhas para que o script rodasse no Debian (uma que pegar a configuração de Unicodes para descobrir a sigla do pais - o default é US e você pode escolher BR, e a outra que trocava o dono e o grupo proprietário do arquivo).
Ficou assim:
 
gencert.sh
---------------------------------------------------------------------------------------------------------------------

#!/bin/sh

##

##  gencert.sh -- Create self-signed test certificate

##  Christian Zoffoli <czoffoli@linux-mandrake.com>

##  Version 0.2 ? 20010501

##

##

 

 

### external tools

openssl="/usr/bin/openssl"

 

### some optional terminal sequences

case $TERM in

    xterm|xterm*|vt220|vt220*)

        T_MD=`echo dummy | awk '{ printf("%c%c%c%c", 27, 91, 49, 109); }'`

        T_ME=`echo dummy | awk '{ printf("%c%c%c", 27, 91, 109); }'`

        ;;

    vt100|vt100*)

        T_MD=`echo dummy | awk '{ printf("%c%c%c%c%c%c", 27, 91, 49, 109, 0, 0); }'`

        T_ME=`echo dummy | awk '{ printf("%c%c%c%c%c", 27, 91, 109, 0, 0); }'`

        ;;

    default)

        T_MD=''

        T_ME=''

        ;;

esac

 

#   find some random files

#   (do not use /dev/random here, because this device

#   doesn't work as expected on all platforms)

randfiles=''

for file in /var/log/messages /var/adm/messages \

            /kernel /vmunix /vmlinuz \

            /etc/hosts /etc/resolv.conf; do

    if [ -f $file ]; then

        if [ ".$randfiles" = . ]; then

            randfiles="$file"

        else

            randfiles="${randfiles}:$file"

        fi

    fi

done

 

 

echo ""

echo "${T_MD}"

echo "----------------------------------------------------------------------"

echo "Create self-signed test certificate"

echo ""

echo "Christian Zoffoli <czoffoli@linux-mandrake.com> "

echo "Version 0.2 - 20010501"

echo ""

echo ""

echo "______________________________________________________________________${T_ME}"

echo ""

echo ""

 

 

if [ ! -e ./ldap.pem ];then

            echo "Will create ldap.pem in `pwd`"

else

            echo "ldap.pem already exist, dying"

            exit

fi

 

 

mkdir -p /tmp/tmpssl-$$

pushd /tmp/tmpssl-$$ > /dev/null

 

echo ""

echo ""

echo "${T_MD}Generating Certificate "

echo "______________________________________________________________________${T_ME}"

echo ""

 

 

COMMONNAME=`hostname`

 

if [ ! -n "$COMMONNAME" ]

                        then

                        COMMONNAME="www.openldap.org"

fi

 

# comentado para funcionar no Debian

# . /etc/sysconfig/i18n

 

if [ -n "$COUNTRY" ]

                        then

                        COUNTRY=`echo $LANG | sed -e "s/.*_//;s/@.*//;s/\..*//;s/_.*//" |tr a-z A-Z`

else

            COUNTRY="US"      

fi

 

cat >.cfg <<EOT

[ req ]

default_bits                    = 1024

distinguished_name              = req_DN

RANDFILE                        = ca.rnd

[ req_DN ]

countryName                     = "1. Country Name             (2 letter code)"

countryName_default             = "$COUNTRY"

countryName_min                               = 2

countryName_max                              = 2

stateOrProvinceName             = "2. State or Province Name   (full name)    "

stateOrProvinceName_default = ""

localityName                    = "3. Locality Name            (eg, city)     "

localityName_default               = ""

0.organizationName                 = "4. Organization Name        (eg, company)  "

0.organizationName_default     = "LDAP Server"

organizationalUnitName                       = "5. Organizational Unit Name (eg, section)  "

organizationalUnitName_default           = "For testing purposes only"

commonName                         = "6. Common Name              (eg, CA name)  "

commonName_max                            = 64

commonName_default             = "$COMMONNAME"

emailAddress                           = "7. Email Address            (eg, name@FQDN)"

emailAddress_max                  = 40

emailAddress_default               = ""

EOT

 

$openssl req -config .cfg -new  -rand $randfiles -x509 -nodes -out ldap.pem -keyout ldap.pem -days 999999 

 

if [ $? -ne 0 ]; then

            echo "cca:Error: Failed to generate certificate " 1>&2

            exit 1

fi

 

 

popd >/dev/null

 

 

rm -f /tmp/tmpssl-$$/*.csr

rm -f /tmp/tmpssl-$$/ca.*

chmod 400 /tmp/tmpssl-$$/*

 

echo "Certificate creation done!"

cp /tmp/tmpssl-$$/ldap.* .

 

# comentado para funcionar no Debian

#chown ldap.ldap ldap.*

 

rm -rf /tmp/tmpssl-$$

 

 

 

 

 

Reply to: