Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 82212 Details for
Bug 125618
dev-db/mysql - create SSL certificates
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
create_cert.sh
create_cert.sh (text/plain), 5.90 KB, created by
Francesco R. (RETIRED)
on 2006-03-15 06:21:28 UTC
(
hide
)
Description:
create_cert.sh
Filename:
MIME Type:
Creator:
Francesco R. (RETIRED)
Created:
2006-03-15 06:21:28 UTC
Size:
5.90 KB
patch
obsolete
>#!/bin/bash >DIR=`pwd`/openssl >PRIV=$DIR/private > >mkdir -p $DIR $PRIV $DIR/newcerts >cp /etc/ssl/openssl.cnf $DIR >replace ./demoCA $DIR -- $DIR/openssl.cnf > ># Create necessary files: $database, $serial and $new_certs_dir ># directory (optional) > >touch $DIR/index.txt >echo "01" > $DIR/serial > ># ># Generation of Certificate Authority(CA) ># > >openssl req -new -x509 -keyout $PRIV/cakey.pem -out $DIR/cacert.pem \ > -config $DIR/openssl.cnf > ># Sample output: ># Using configuration from /home/monty/openssl/openssl.cnf ># Generating a 1024 bit RSA private key ># ................++++++ ># .........++++++ ># writing new private key to '/home/monty/openssl/private/cakey.pem' ># Enter PEM pass phrase: ># Verifying password - Enter PEM pass phrase: ># ----- ># You are about to be asked to enter information that will be ># incorporated into your certificate request. ># What you are about to enter is what is called a Distinguished Name ># or a DN. ># There are quite a few fields but you can leave some blank ># For some fields there will be a default value, ># If you enter '.', the field will be left blank. ># ----- ># Country Name (2 letter code) [AU]:FI ># State or Province Name (full name) [Some-State]:. ># Locality Name (eg, city) []: ># Organization Name (eg, company) [Internet Widgits Pty Ltd]:MySQL AB ># Organizational Unit Name (eg, section) []: ># Common Name (eg, YOUR name) []:MySQL admin ># Email Address []: > ># ># Create server request and key ># >openssl req -new -keyout $DIR/server-key.pem -out \ > $DIR/server-req.pem -days 3600 -config $DIR/openssl.cnf > ># Sample output: ># Using configuration from /home/monty/openssl/openssl.cnf ># Generating a 1024 bit RSA private key ># ..++++++ ># ..........++++++ ># writing new private key to '/home/monty/openssl/server-key.pem' ># Enter PEM pass phrase: ># Verifying password - Enter PEM pass phrase: ># ----- ># You are about to be asked to enter information that will be ># incorporated into your certificate request. ># What you are about to enter is what is called a Distinguished Name ># or a DN. ># There are quite a few fields but you can leave some blank ># For some fields there will be a default value, ># If you enter '.', the field will be left blank. ># ----- ># Country Name (2 letter code) [AU]:FI ># State or Province Name (full name) [Some-State]:. ># Locality Name (eg, city) []: ># Organization Name (eg, company) [Internet Widgits Pty Ltd]:MySQL AB ># Organizational Unit Name (eg, section) []: ># Common Name (eg, YOUR name) []:MySQL server ># Email Address []: ># ># Please enter the following 'extra' attributes ># to be sent with your certificate request ># A challenge password []: ># An optional company name []: > ># ># Remove the passphrase from the key (optional) ># > >openssl rsa -in $DIR/server-key.pem -out $DIR/server-key.pem > ># ># Sign server cert ># >openssl ca -policy policy_anything -out $DIR/server-cert.pem \ > -config $DIR/openssl.cnf -infiles $DIR/server-req.pem > ># Sample output: ># Using configuration from /home/monty/openssl/openssl.cnf ># Enter PEM pass phrase: ># Check that the request matches the signature ># Signature ok ># The Subjects Distinguished Name is as follows ># countryName :PRINTABLE:'FI' ># organizationName :PRINTABLE:'MySQL AB' ># commonName :PRINTABLE:'MySQL admin' ># Certificate is to be certified until Sep 13 14:22:46 2003 GMT ># (365 days) ># Sign the certificate? [y/n]:y ># ># ># 1 out of 1 certificate requests certified, commit? [y/n]y ># Write out database with 1 new entries ># Data Base Updated > ># ># Create client request and key ># >openssl req -new -keyout $DIR/client-key.pem -out \ > $DIR/client-req.pem -days 3600 -config $DIR/openssl.cnf > ># Sample output: ># Using configuration from /home/monty/openssl/openssl.cnf ># Generating a 1024 bit RSA private key ># .....................................++++++ ># .............................................++++++ ># writing new private key to '/home/monty/openssl/client-key.pem' ># Enter PEM pass phrase: ># Verifying password - Enter PEM pass phrase: ># ----- ># You are about to be asked to enter information that will be ># incorporated into your certificate request. ># What you are about to enter is what is called a Distinguished Name ># or a DN. ># There are quite a few fields but you can leave some blank ># For some fields there will be a default value, ># If you enter '.', the field will be left blank. ># ----- ># Country Name (2 letter code) [AU]:FI ># State or Province Name (full name) [Some-State]:. ># Locality Name (eg, city) []: ># Organization Name (eg, company) [Internet Widgits Pty Ltd]:MySQL AB ># Organizational Unit Name (eg, section) []: ># Common Name (eg, YOUR name) []:MySQL user ># Email Address []: ># ># Please enter the following 'extra' attributes ># to be sent with your certificate request ># A challenge password []: ># An optional company name []: > ># ># Remove a passphrase from the key (optional) ># >openssl rsa -in $DIR/client-key.pem -out $DIR/client-key.pem > ># ># Sign client cert ># > >openssl ca -policy policy_anything -out $DIR/client-cert.pem \ > -config $DIR/openssl.cnf -infiles $DIR/client-req.pem > ># Sample output: ># Using configuration from /home/monty/openssl/openssl.cnf ># Enter PEM pass phrase: ># Check that the request matches the signature ># Signature ok ># The Subjects Distinguished Name is as follows ># countryName :PRINTABLE:'FI' ># organizationName :PRINTABLE:'MySQL AB' ># commonName :PRINTABLE:'MySQL user' ># Certificate is to be certified until Sep 13 16:45:17 2003 GMT ># (365 days) ># Sign the certificate? [y/n]:y ># ># ># 1 out of 1 certificate requests certified, commit? [y/n]y ># Write out database with 1 new entries ># Data Base Updated > ># ># Create a my.cnf file that you can use to test the certificates ># > >cnf="" >cnf="$cnf [client]" >cnf="$cnf ssl-ca=$DIR/cacert.pem" >cnf="$cnf ssl-cert=$DIR/client-cert.pem" >cnf="$cnf ssl-key=$DIR/client-key.pem" >cnf="$cnf [mysqld]" >cnf="$cnf ssl-ca=$DIR/cacert.pem" >cnf="$cnf ssl-cert=$DIR/server-cert.pem" >cnf="$cnf ssl-key=$DIR/server-key.pem" >echo $cnf | replace " " ' >' > $DIR/my.cnf.cnf > >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=82212">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 125618
:
82212
