3 # This is a wrapper script to create default certificates when the
4 # server first starts in debugging mode. Once the certificates have been
5 # created, this file should be deleted.
7 # Ideally, this program should be run as part of the installation of any
8 # binary package. The installation should also ensure that the permissions
9 # and owners are correct for the files generated by this script.
16 make -h > /dev/null 2>&1
19 # If we have a working "make", then use it. Otherwise, run the commands
22 if [ "$?" = "0" ]; then
28 # The following commands were created by running "make -n", and edited
29 # to remove the trailing backslash, and to add "exit 1" after the commands.
31 # Don't edit the following text. Instead, edit the Makefile, and
32 # re-generate these commands.
35 openssl dhparam -out dh 1024 || exit 1
36 if [ -e /dev/urandom ] ; then
37 dd if=/dev/urandom of=./random count=10 >/dev/null 2>&1;
43 if [ ! -f server.key ]; then
44 openssl req -new -out server.csr -keyout server.key -config ./server.cnf || exit 1
47 if [ ! -f ca.key ]; then
48 openssl req -new -x509 -keyout ca.key -out ca.pem -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf || exit 1
51 if [ ! -f index.txt ]; then
55 if [ ! -f serial ]; then
59 if [ ! -f server.crt ]; then
60 openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf || exit 1
63 if [ ! -f server.p12 ]; then
64 openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1
67 if [ ! -f server.pem ]; then
68 openssl pkcs12 -in server.p12 -out server.pem -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1
71 if [ ! -f ca.der ]; then
72 openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der || exit 1
75 if [ ! -f client.key ]; then
76 openssl req -new -out client.csr -keyout client.key -config ./client.cnf
79 if [ ! -f client.crt ]; then
80 openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf