On Tue, May 21, 2013 at 10:52:32PM +0000, Viktor Dukhovni wrote:
> makecert.sh:
> #! /bin/sh
> umask 077
> tmp=$(mktemp .smtpd.pem.XXXXXX)
> dst=smtpd.pem
> openssl req -new >> $tmp \
> -newkey rsa:2048 -nodes -keyout /dev/stdout \
> -x509 -sha1 -set_serial 1 -subj "/" -days 3650 \
> -config <(printf "[req]\n%s\n[dn]\n[exts]\n%s\n[alts]\n%s\n" \
> "$(printf "%s\n%s\n" \
> "distinguished_name=dn" \
> "x509_extensions=exts")" \
> "$(printf "%s\n%s\n" \
> "extendedKeyUsage=serverAuth,clientAuth" \
> "subjectAltName=@alts" \
> )" \
> "$(printf "DNS.1 = %s\n" $(uname -n))") &&
> mv $tmp "$dst"
For the record, the script uses bash <(command) syntax, so it should
be a /bin/bash not a /bin/sh script when the two are not the same.
--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
