From f2c41e77e917c0bc370972ec68cc1ad6d436c5b2 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sat, 13 Sep 2014 10:53:29 +0100
Subject: [PATCH] Simplify the creation of self-signed certificates
---
 beaglebone.txt | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)
diff --git a/beaglebone.txt b/beaglebone.txt
index 9feebe6f..f85ed6ea 100644
--- a/beaglebone.txt
+++ b/beaglebone.txt
@@ -2629,22 +2629,24 @@ Create a self-signed certificate. The passphrase isn't important and will be rem
 editor /usr/bin/makecert
 #+END_SRC
-Enter the following:
+Enter the following, changing the country code and location as needed:
 #+BEGIN_SRC: bash
 #!/bin/bash
 HOSTNAME=$1
+COUNTRY_CODE="GB"
+AREA="Greater Manchester"
+LOCATION="Manchester"
+ORGANISATION="Freedombone"
-openssl genrsa -des3 -out $HOSTNAME.key 1024
-openssl req -new -x509 -nodes -days 3650 -key $HOSTNAME.key -out $HOSTNAME.crt
-openssl rsa -in $HOSTNAME.key -out $HOSTNAME.new.key
-cp $HOSTNAME.new.key $HOSTNAME.key
-rm $HOSTNAME.new.key
-cp $HOSTNAME.key /etc/ssl/private
+openssl req \
+ -x509 -nodes -days 3650 \
+ -subj "/O=$ORGANISATION/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
+ -newkey rsa:1024 \
+ -keyout /etc/ssl/private/$HOSTNAME.key \
+ -out /etc/ssl/certs/$HOSTNAME.crt
 chmod 400 /etc/ssl/private/$HOSTNAME.key
-cp $HOSTNAME.crt /etc/ssl/certs
-shred -zu $HOSTNAME.key $HOSTNAME.crt
 /etc/init.d/nginx reload
 #+END_SRC
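Review bot: `-newkey rsa:1024` carries the old 1024-bit key size into the new one-step `openssl req` call, which is too small for a certificate issued with `-days 3650`; `-newkey rsa:2048 -sha256 \` raises the key size and pins the signature digest instead of leaving it to the OpenSSL default. `$HOSTNAME` is expanded unquoted in the `-keyout` and `-out` paths and is placed in `-subj` without any check, so running makecert with no argument writes `/etc/ssl/private/.key`; quote the paths and exit early when `$1` is empty. The private key is also created in place before `chmod 400` runs, so depending on the OpenSSL version it may briefly exist with umask-default permissions, and a `umask 077` line ahead of the `openssl req` call would cover that.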
@@ -2655,8 +2657,6 @@ chmod +x /usr/bin/makecert
 makecert $HOSTNAME
 #+END_SRC
-Enter some trivial password for the key file, such as "password". The password will be removed as part of the /makecert/ script which you just created. Note that leaving a password on the key file would mean that after a power cycle the Apache server will not be able to boot properly (it would wait indefinitely for a password to be manually entered) and would look as if it had crashed.
-
 If all has gone well then there should be no warnings or errors after you run the service restart command. After that you should enable ports 80 (HTTP) and 443 (HTTPS) on your internet router/firewall, such that they are redirected to the BBB.
 Also limit the amount of memory which any php scripts can use.
@@ -7189,6 +7189,7 @@ map $http_upgrade $connection_upgrade {
 server {
 listen 443 ssl;
 server_name mysubsonicdomainname.com;
+ index index.php;
 error_log /var/www/mysubsonicdomainname.com/error.log debug;
@@ -7225,11 +7226,11 @@ server {
 server {
- listen 80;
- server_name FQDN;
+ listen 443 ssl;
+ server_name mysubsonicdomainname.com;
 charset utf-8;
- root PATH;
+ root /var/www/mysubsonicdomainname.com/htdocs;
 index index.php;
 if ( !-d $request_filename ) {
@@ -7284,7 +7285,7 @@ Save and exit.
 #+BEGIN_SRC: bash
 sed "s/mysubsonicdomainname.com/$HOSTNAME/g" /etc/nginx/sites-available/$HOSTNAME > /tmp/website
 cp -f /tmp/website /etc/nginx/sites-available/$HOSTNAME
-service nginx restart
+/etc/init.d/nginx reload
 #+END_SRC
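Review bot: In the hunk at -7225, the second `server` block now declares `listen 443 ssl;` with `server_name mysubsonicdomainname.com;`, the same pair that the block in the hunk at -7189 already uses. If both are top-level server blocks in the same site file (the lines between the two hunks are not visible), nginx reports a conflicting server name and ignores the later block, so its `root` and rewrite rules would never apply. The change also drops the only visible `listen 80;`, so unless a redirect is defined elsewhere plain-HTTP requests go unanswered; a small port-80 server containing `return 301 https://$server_name$request_uri;` would keep them working. No `ssl_certificate` or `ssl_certificate_key` line is visible in this block either, but it continues past the end of the hunk, so that needs checking against the full file.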