Hi,
I have modified sign.sh so that the certificate authority's file names
no longer have to start with "ca".
Here is the patch:
--- /usr/local/src/apachessl/mod_ssl-2.4.9-1.3.9/pkg.contrib/sign.sh
Mon Apr 12 01:30:34 1999
+++ ./sign.sh Wed Dec 20 16:21:48 2000
@@ -5,9 +5,50 @@
##
# argument line handling
+# 2000/12/20 Blair Lowe Add command line options to allow for more meaningfull
+# certificate names
+
+# defaults
+CAFILE=ca.crt
+CAPATH=.
+CAKEY=ca.key
+COMMAND_OPTIONS=`getopt -l CAkey:,CApath:,CAfile: -o k:,p:,f: -- $@`
+if [ $? != 0 ] ; then
+ echo "Terminating..." >&2
+ exit 1
+fi
+
+eval set -- "$COMMAND_OPTIONS"
+
+while true ; do
+ case "$1" in
+ -k|--CAkey)
+ CAKEY=$2
+ shift 2
+ ;;
+ -p|--CApath)
+ CAPATH=$2
+ shift 2
+ ;;
+ -f|--CAfile)
+ CAFILE=$2
+ shift 2
+ ;;
+ --)
+ shift
+ break
+ ;;
+ *)
+ echo invalid argument starting at $1 $2
+ echo "Usage: $0 [-k | --CAkey <ca_key>] [-p | --CApath
<ca_path>] [-f | --CAfile <crt_file>] <whatever>.csr"
+ exit 1
+ ;;
+ esac
+done
CSR=$1
if [ $# -ne 1 ]; then
- echo "Usage: sign.sign <whatever>.csr"; exit 1
+ echo "Usage: $0 [-p | --CApath <ca_path>] [-f | --CAfile
<ca_file>] <whatever>.csr"
+ exit 1
fi
if [ ! -f $CSR ]; then
echo "CSR not found: $CSR"; exit 1
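Review bot: The `getopt` call passes `$@` unquoted, so an argument containing whitespace or glob characters is split or expanded before getopt sees it, and the result is then fed to `eval set --`; quote it, e.g. `COMMAND_OPTIONS=$(getopt -l CAkey:,CApath:,CAfile: -o k:,p:,f: -- "$@")`. Long options via `-l` need the enhanced (util-linux) getopt, which is presumably the variant targeted here and the one whose quoted output is meant to be passed to `eval`. CAKEY, CAPATH and CAFILE later select the CA key and certificate, so empty values are worth rejecting at this point. The second usage message (after the `$# -ne 1` check) omits `-k | --CAkey` and should match the first. The script continues outside this hunk.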
@@ -29,38 +70,38 @@
fi
# create an own SSLeay config
-cat >ca.config <<EOT
-[ ca ]
-default_ca = CA_own
-[ CA_own ]
-dir = .
-certs = \$dir
-new_certs_dir = \$dir/ca.db.certs
-database = \$dir/ca.db.index
-serial = \$dir/ca.db.serial
-RANDFILE = \$dir/ca.db.rand
-certificate = \$dir/ca.crt
-private_key = \$dir/ca.key
-default_days = 365
-default_crl_days = 30
-default_md = md5
-preserve = no
-policy = policy_anything
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-EOT
+#cat >ca.config <<EOT
+echo [ ca ] > ca.config
+echo default_ca = CA_own >> ca.config
+echo [ CA_own ] >> ca.config
+echo dir = $CAPATH >> ca.config
+echo certs = \$dir >> ca.config
+echo new_certs_dir = \$dir/ca.db.certs >> ca.config
+echo database = \$dir/ca.db.index >> ca.config
+echo serial = \$dir/ca.db.serial >> ca.config
+echo RANDFILE = \$dir/ca.db.rand >> ca.config
+echo certificate = \$dir/$CAFILE >> ca.config
+echo private_key = \$dir/$CAKEY >> ca.config
+echo default_days = 365 >> ca.config
+echo default_crl_days = 30 >> ca.config
+echo default_md = md5 >> ca.config
+echo preserve = no >> ca.config
+echo policy = policy_anything >> ca.config
+echo [ policy_anything ] >> ca.config
+echo countryName = optional >> ca.config
+echo stateOrProvinceName = optional >> ca.config
+echo localityName = optional >> ca.config
+echo organizationName = optional >> ca.config
+echo organizationalUnitName = optional >> ca.config
+echo commonName = supplied >> ca.config
+echo emailAddress = optional >> ca.config
+#EOT
# sign the certificate
echo "CA signing: $CSR -> $CERT:"
openssl ca -config ca.config -out $CERT -infiles $CSR
echo "CA verifying: $CERT <-> CA cert"
-openssl verify -CAfile ca.crt $CERT
+openssl verify -CApath $CAPATH -CAfile $CAFILE $CERT
# cleanup after SSLeay
rm -f ca.config
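Review bot: The verify step resolves the CA certificate differently from the signing step: ca.config uses `certificate = \$dir/$CAFILE` (that is, under CAPATH), while `openssl verify -CApath $CAPATH -CAfile $CAFILE $CERT` reads CAFILE relative to the current directory and additionally treats CAPATH as a directory of hashed trusted certificates. With a non-default `-p`, verification can fail, or succeed against a certificate other than the one that signed. Pointing verify at the same file, `openssl verify -CAfile "$CAPATH/$CAFILE" "$CERT"`, keeps the two steps consistent. The `echo ... >> ca.config` lines also expand `$CAPATH`, `$CAFILE` and `$CAKEY` unquoted, and the generated config still sets `default_md = md5`, which is not collision-resistant and should not be used for certificate signatures; a SHA-2 digest such as `sha256` is the appropriate value where the installed OpenSSL supports it.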
Computer Engineering Inc. http://www.compeng.net
Phone: 780 499 5687 (9 - 5 MST) Fax: 780 435 0693 (24 Hours)