diff options
Diffstat (limited to '')
-rwxr-xr-x | sca-cpp/trunk/modules/http/httpd-cert-conf | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/sca-cpp/trunk/modules/http/httpd-cert-conf b/sca-cpp/trunk/modules/http/httpd-cert-conf new file mode 100755 index 0000000000..be357554fb --- /dev/null +++ b/sca-cpp/trunk/modules/http/httpd-cert-conf @@ -0,0 +1,61 @@ +#!/bin/sh + +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +# Generate a test certificate +here=`readlink -f $0`; here=`dirname $here` +root=`readlink -f $1` +host=$2 +if [ "$host" = "" ]; then + host=`hostname -f` +fi + +# Don't regenerate the certificate if it already exists +if [ -f $root/conf/server.crt ]; then + return 0 +fi + +# Generate openssl configuration +mkdir -p $root/conf +umask 0007 +cat >$root/conf/openssl-cert.conf <<EOF +[ req ] +default_bits = 1024 +encrypt_key = no +prompt = no +distinguished_name = req_distinguished_name + +[ req_distinguished_name ] +C = US +ST = CA +L = San Francisco +O = Test Organization +OU = Test Unit +CN = $host +emailAddress = root@$host +EOF + +# Generate a certificate request +openssl req -new -config $root/conf/openssl-cert.conf -out $root/conf/server-req.crt -keyout $root/conf/server.key + +# Generate a certificate, signed with our test certificate of authority +openssl ca -batch -config $root/conf/openssl-ca.conf -out $root/conf/server.crt -infiles $root/conf/server-req.crt + +# Export it to PKCS12 format, that's the format Web browsers want to import +openssl pkcs12 -export -passout pass: -out $root/conf/server.p12 -inkey $root/conf/server.key -in $root/conf/server.crt -certfile $root/conf/ca.crt + |