Server IP : 3.128.248.115 / Your IP : 18.221.175.48 Web Server : Apache/2.4.41 (Ubuntu) System : Linux ip-172-31-33-233 5.15.0-1037-aws #41~20.04.1-Ubuntu SMP Mon May 22 18:18:00 UTC 2023 x86_64 User : www-data ( 33) PHP Version : 7.4.28 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /sbin/ |
Upload File : |
#!/bin/bash -e # This is a mockup of a script to produce a snakeoil cert # The aim is to have a debconfisable ssl-certificate script . /usr/share/debconf/confmodule db_version 2.0 db_capb backup ask_via_debconf() { RET="" if db_settitle make-ssl-cert/title ; then : # OK else echo Debconf failed with error code $? $RET >&2 echo Maybe your debconf database is corrupt. >&2 echo Try re-installing ssl-cert. >&2 fi RET="" while [ "x$RET" = "x" ]; do db_fset make-ssl-cert/hostname seen false db_input high make-ssl-cert/hostname || true db_go db_get make-ssl-cert/hostname done db_get make-ssl-cert/hostname HostName="$RET" db_fset make-ssl-cert/hostname seen false db_fset make-ssl-cert/altname seen false db_input high make-ssl-cert/altname || true db_go db_get make-ssl-cert/altname AddAltName="$RET" db_fset make-ssl-cert/altname seen false SubjectAltName="DNS:$HostName" [ -z "$AddAltName" ] || SubjectAltName="$SubjectAltName,$AddAltName" } make_snakeoil() { if ! HostName="$(hostname -f)" ; then HostName="$(hostname)" echo make-ssl-cert: Could not get FQDN, using \"$HostName\". echo make-ssl-cert: You may want to fix your /etc/hosts and/or DNS setup and run echo make-ssl-cert: 'make-ssl-cert generate-default-snakeoil --force-overwrite' echo make-ssl-cert: again. fi SubjectAltName="DNS:$HostName" if [ ${#HostName} -gt 64 ] ; then HostName="$(hostname)" fi } create_temporary_cnf() { sed -e s#@HostName@#"$HostName"# -e s#@SubjectAltName@#"$SubjectAltName"# $template > $TMPFILE } # Takes two arguments, the base layout and the output cert. if [ $# -lt 2 ] && [ "$1" != "generate-default-snakeoil" ]; then printf "Usage: $0 template output [--force-overwrite]\n"; printf "Usage: $0 generate-default-snakeoil [--force-overwrite]\n"; exit 1; fi if [ "$1" != "generate-default-snakeoil" ]; then template="$1" output="$2" # be anal in manual mode. if [ ! -f $template ]; then printf "Could not open template file: $template!\n"; exit 1; fi if [ -f $output ] && [ "$3" != "--force-overwrite" ]; then printf "$output file already exists!\n"; exit 1; fi ask_via_debconf else template="/usr/share/ssl-cert/ssleay.cnf" if [ -f "/etc/ssl/certs/ssl-cert-snakeoil.pem" ] && [ -f "/etc/ssl/private/ssl-cert-snakeoil.key" ]; then if [ "$2" != "--force-overwrite" ]; then exit 0 fi fi make_snakeoil fi # # should be a less common char # problem is that openssl virtually accepts everything and we need to # sacrifice one char. TMPFILE="$(mktemp)" || exit 1 TMPOUT="$(mktemp)" || exit 1 trap "rm -f $TMPFILE $TMPOUT" EXIT create_temporary_cnf # create the certificate. umask 077 if [ "$1" != "generate-default-snakeoil" ]; then if ! openssl req -config $TMPFILE -new -x509 -days 3650 -nodes -sha256 \ -out $output -keyout $output > $TMPOUT 2>&1 then echo Could not create certificate. Openssl output was: >&2 cat $TMPOUT >&2 exit 1 fi chmod 600 $output # hash symlink cd $(dirname $output) ln -sf $(basename $output) $(openssl x509 -hash -noout -in $(basename $output)) else if ! openssl req -config $TMPFILE -new -x509 -days 3650 -nodes -sha256 \ -out /etc/ssl/certs/ssl-cert-snakeoil.pem \ -keyout /etc/ssl/private/ssl-cert-snakeoil.key > $TMPOUT 2>&1 then echo Could not create certificate. Openssl output was: >&2 cat $TMPOUT >&2 exit 1 fi chmod 644 /etc/ssl/certs/ssl-cert-snakeoil.pem chmod 640 /etc/ssl/private/ssl-cert-snakeoil.key chown root:ssl-cert /etc/ssl/private/ssl-cert-snakeoil.key # hash symlink cd /etc/ssl/certs/ ln -sf ssl-cert-snakeoil.pem $(openssl x509 -hash -noout -in ssl-cert-snakeoil.pem) fi