Option to supress creation of DH parama

This commit is contained in:
Bob Mottram 2015-06-17 20:03:20 +01:00
parent faee7f9d91
commit 2d2a4d122a
2 changed files with 10 additions and 2 deletions


@ -35,6 +35,7 @@ LOCATION="Freedomville"
ORGANISATION="Freedombone" ORGANISATION="Freedombone"
UNIT="Freedombone Unit" UNIT="Freedombone Unit"
EXTENSIONS="" EXTENSIONS=""
NODH=
function show_help { function show_help {
echo '' echo ''
@ -50,6 +51,7 @@ function show_help {
echo ' -l --location [locn] Optional location name' echo ' -l --location [locn] Optional location name'
echo ' -o --organisation [name] Optional organisation name' echo ' -o --organisation [name] Optional organisation name'
echo ' -u --unit [name] Optional unit name' echo ' -u --unit [name] Optional unit name'
echo ' --nodh Do not calculate DH params'
echo ' --ca Certificate authority cert' echo ' --ca Certificate authority cert'
echo '' echo ''
exit 0 exit 0
@ -90,6 +92,9 @@ case $key in
--ca) --ca)
EXTENSIONS="-extensions v3_ca" EXTENSIONS="-extensions v3_ca"
;; ;;
--nodh)
NODH="true"
;;
*) *)
# unknown option # unknown option
;; ;;
@ -108,7 +113,9 @@ if ! which openssl > /dev/null ;then
fi fi
openssl req -x509 $EXTENSIONS -nodes -days 3650 -sha256 -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" -newkey rsa:4096 -keyout /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/certs/$HOSTNAME.crt openssl req -x509 $EXTENSIONS -nodes -days 3650 -sha256 -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" -newkey rsa:4096 -keyout /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/certs/$HOSTNAME.crt
openssl dhparam -check -text -5 1024 -out /etc/ssl/certs/$HOSTNAME.dhparam if [ ! $NODH ]; then
openssl dhparam -check -text -5 1024 -out /etc/ssl/certs/$HOSTNAME.dhparam
fi
chmod 400 /etc/ssl/private/$HOSTNAME.key chmod 400 /etc/ssl/private/$HOSTNAME.key
chmod 640 /etc/ssl/certs/$HOSTNAME.crt chmod 640 /etc/ssl/certs/$HOSTNAME.crt
chmod 640 /etc/ssl/certs/$HOSTNAME.dhparam chmod 640 /etc/ssl/certs/$HOSTNAME.dhparam
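Review bot: With `--nodh` the `chmod 640 /etc/ssl/certs/$HOSTNAME.dhparam` after the new `fi` still runs against a file that was never generated, so the script now ends with a chmod error on that path (and would abort there if it runs under `set -e`, which this hunk does not show). Move that chmod inside the conditional, directly before `fi`, so the file is only touched when it was created. The guard `if [ ! $NODH ]; then` only works because the unquoted empty expansion collapses to a one-argument `[ ! ]` test; write it as `if [ -z "$NODH" ]; then` so the intent is explicit and ShellCheck is satisfied. Separately, the 1024-bit `openssl dhparam` being wrapped here is below the 2048-bit minimum generally recommended for finite-field DH groups; that is pre-existing, but worth fixing while the line is being moved.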


@ -98,7 +98,7 @@ fi
chmod 600 /etc/dovecot/passwd-file chmod 600 /etc/dovecot/passwd-file
# create a user cert # create a user cert
freedombone-addcert -h $USERNAME freedombone-addcert -h $USERNAME --nodh
# create a certificate request # create a certificate request
openssl req -new -sha256 -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$USERNAME" -key /etc/ssl/private/$USERNAME.key -out /etc/ssl/requests/$USERNAME.csr openssl req -new -sha256 -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$USERNAME" -key /etc/ssl/private/$USERNAME.key -out /etc/ssl/requests/$USERNAME.csr
@ -108,6 +108,7 @@ openssl ca -config /etc/ssl/dovecot-ca.cnf -in /etc/ssl/requests/$USERNAME.csr -
# move the cert to the user's home # move the cert to the user's home
mkdir /home/$USERNAME/emailcert mkdir /home/$USERNAME/emailcert
shred -zu /etc/ssl/certs/$USERNAME.dhparam
mv /etc/ssl/certs/$USERNAME.cer /home/$USERNAME/emailcert mv /etc/ssl/certs/$USERNAME.cer /home/$USERNAME/emailcert
cp /etc/ssl/certs/dovecot-ca.crt /home/$USERNAME/emailcert cp /etc/ssl/certs/dovecot-ca.crt /home/$USERNAME/emailcert
mv /etc/ssl/private/$USERNAME.key /home/$USERNAME/emailcert mv /etc/ssl/private/$USERNAME.key /home/$USERNAME/emailcert
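Review bot: The added `shred -zu /etc/ssl/certs/$USERNAME.dhparam` contradicts the `--nodh` this same commit passes to `freedombone-addcert` earlier in the file: with DH generation suppressed, no `$USERNAME.dhparam` is created, so shred reports a missing file (and would stop the script if it runs under `set -e`, which is not visible from the hunk). Either drop the line, or guard it so it only removes a leftover from an older run: `if [ -f /etc/ssl/certs/$USERNAME.dhparam ]; then shred -zu /etc/ssl/certs/$USERNAME.dhparam; fi`. DH group parameters are public values, so shredding rather than a plain `rm -f` adds no security benefit if the cleanup is kept. The surrounding script continues outside this hunk, so how a failure here is handled cannot be judged from what is shown.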