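#
# Set up OpenSSL certificates for the tog-pegasus cimserver
#
# Creates a default ssl.cnf file.
# Generates a self-signed certificate for use by the cimserver.
#
# Reads (must be set by the caller; nothing below validates them):
#   PEGASUS_CONFIG_DIR      directory that holds ssl.cnf
#   PEGASUS_INSTALL_LOG     file that receives openssl's stderr
#   PEGASUS_PEM_DIR         directory that holds the key, cert and trust store
#   PEGASUS_SSL_CERT_FILE   file name of the server certificate
#   PEGASUS_SSL_KEY_FILE    file name of the server private key
#   PEGASUS_SSL_TRUSTSTORE  file name of the trust store
#
cnfChanged=0
if [ ! -e "$PEGASUS_CONFIG_DIR/ssl.cnf" ]; then
    mkdir -p "${PEGASUS_INSTALL_LOG%/*}"
    mkdir -p "$PEGASUS_CONFIG_DIR"

    DN=$(hostname)
    if [ -z "$DN" ] || [ "$DN" = "(none)" ]; then
        DN='localhost.localdomain'
    fi
    # cannot use 'hostname --fqdn' because this can hang indefinitely
    # If the lookup fails, the echo fallback makes the pipeline yield $DN.
    FQDN=$({ host -W1 "$DN" 2>/dev/null || echo "$DN has address "; } |
        grep 'has address' | head -1 | sed 's/\ .*$//')
    if [ -z "$FQDN" ]; then
        FQDN="$DN"
    fi

    # Write the request config in one redirection; the file holds only the
    # subject fields of the certificate, no secret material.
    {
        echo "[ req ]"
        echo "distinguished_name = req_distinguished_name"
        echo "prompt = no"
        echo "[ req_distinguished_name ]"
        echo "C = UK"
        echo "ST = Berkshire"
        echo "L = Reading"
        echo "O = The Open Group"
        echo "OU = The OpenPegasus Project"
        echo "CN = $FQDN"
    } > "$PEGASUS_CONFIG_DIR/ssl.cnf"
    chmod 400 "$PEGASUS_CONFIG_DIR/ssl.cnf"
    chown root "$PEGASUS_CONFIG_DIR/ssl.cnf"
    chgrp root "$PEGASUS_CONFIG_DIR/ssl.cnf"
    cnfChanged=1
fi

# Regenerate the key pair when the config was just created or when either
# the certificate or the key is missing.
if [ "$cnfChanged" -eq 1 ] ||
    [ ! -e "$PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE" ] ||
    [ ! -e "$PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE" ]; then
    # -nodes leaves the private key unencrypted, so file permissions are its
    # only protection. Generate under umask 077 so key.pem is never readable
    # by other users, not even for the moment before a later chmod. The
    # umask is confined to the subshell; the log redirection is opened
    # before it takes effect, so the log keeps its usual mode.
    # The certificate is self-signed and valid for 3650 days.
    if (
        umask 077 &&
            exec /usr/bin/openssl req -x509 -days 3650 -newkey rsa:2048 \
                -nodes -config "$PEGASUS_CONFIG_DIR/ssl.cnf" \
                -keyout "$PEGASUS_PEM_DIR/key.pem" \
                -out "$PEGASUS_PEM_DIR/cert.pem"
    ) 2>>"$PEGASUS_INSTALL_LOG"; then
        # Rename within the directory: the key keeps its owner-only mode
        # while it moves into place and replaces any stale file atomically.
        # Only the two generated files are touched; other *.pem files in
        # the directory keep their modes.
        mv -f "$PEGASUS_PEM_DIR/cert.pem" \
            "$PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE"
        mv -f "$PEGASUS_PEM_DIR/key.pem" \
            "$PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE"
        chmod 400 "$PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE"
        chmod 444 "$PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE"
    else
        # Do not install a partial key or certificate; record the failure
        # next to openssl's own diagnostics and on stderr.
        rm -f "$PEGASUS_PEM_DIR/key.pem" "$PEGASUS_PEM_DIR/cert.pem"
        echo "openssl failed to generate the cimserver certificate" \
            >>"$PEGASUS_INSTALL_LOG"
        echo "openssl failed to generate the cimserver certificate" >&2
    fi
fi

# Seed the trust store with the server's own certificate when none exists.
# An existing trust store is never overwritten.
if [ ! -e "$PEGASUS_PEM_DIR/$PEGASUS_SSL_TRUSTSTORE" ]; then
    cp -fp "$PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE" \
        "$PEGASUS_PEM_DIR/$PEGASUS_SSL_TRUSTSTORE" &&
        chmod 444 "$PEGASUS_PEM_DIR/$PEGASUS_SSL_TRUSTSTORE"
fi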