generate_ssl_files.sh
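#!/bin/bash
# This script generates files required for SSL operation of NXWEB.
# Their paths are defined in config.h (relative to work_dir):
# define SSL_CERT_FILE "ssl/server_cert.pem"
# define SSL_KEY_FILE "ssl/server_key.pem"
# define SSL_DH_PARAMS_FILE "ssl/dh.pem"
#
# Run it from work_dir: every path below is relative to the current
# directory, and ssl/ca.cfg and ssl/server.cfg must already exist there.
#
# Make sure gnutls bin folder is in PATH, or set GNUTLS_BIN_DIR (with a
# trailing slash) to the directory that holds certtool.
# GNUTLS v.3.0.12+ is strongly recommended
#GNUTLS_BIN_DIR=/opt/gnutls-3.0/bin/

# Abort on the first failing step. Without this, a failed key generation
# would be followed by certificate signing against whatever older key file
# happens to be left in ssl/, producing a mismatched or stale chain.
set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# GNUTLS_BIN_DIR is optional; the default keeps plain PATH lookup working
# under `set -u`, and the quoting tolerates spaces in the directory name.
certtool="${GNUTLS_BIN_DIR:-}certtool"

command -v "$certtool" >/dev/null || die "certtool not found: $certtool"
for template in ssl/ca.cfg ssl/server.cfg; do
  [[ -f "$template" ]] || die "missing certtool template: $template"
done

# Write a private key to $1 with a restrictive umask so a newly created key
# file is readable by its owner only. The umask is scoped to a subshell so
# the certificates and DH parameters keep the caller's default permissions.
# NOTE(review): a key file that already exists may keep its previous mode
# when overwritten -- check permissions after re-running.
generate_privkey() {
  local outfile=$1
  (
    umask 077
    "$certtool" --generate-privkey --outfile "$outfile"
  )
}

# Generate self-signed certificate for certificate authority, that shall sign
# other certificates.
# ssl/ca_key.pem is needed only for signing; the server itself reads just the
# three files listed in the header. Whoever holds this key can issue
# certificates that every client trusting ca_cert.pem will accept, so move it
# off the server once signing is done.
generate_privkey ssl/ca_key.pem
"$certtool" --generate-self-signed --load-privkey ssl/ca_key.pem \
  --template ssl/ca.cfg --outfile ssl/ca_cert.pem

# Create private key (RSA by default)
generate_privkey ssl/server_key.pem

# Generate certificate using private key
"$certtool" --generate-certificate --load-privkey ssl/server_key.pem \
  --load-ca-certificate ssl/ca_cert.pem --load-ca-privkey ssl/ca_key.pem \
  --template ssl/server.cfg --outfile ssl/server_cert.pem

# Generate Diffie-Hellman parameters (required for DHE-* cipher-suites).
# The prime size behind "--sec-param normal" is chosen by the installed
# GnuTLS release; confirm the result meets your minimum DH group size.
"$certtool" --generate-dh-params --sec-param normal --outfile ssl/dh.pem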