Add gentls_cert script to create a CA and certificate for mod_sofia TLS
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@7234 d0543943-73ff-0310-b7d9-9358b9ac24b2
parent
36658df019
commit
24248ae102
|
@ -156,6 +156,7 @@ libfreeswitch_la_SOURCES += src/switch_odbc.c
|
|||
libfreeswitch_la_LDFLAGS += -lodbc
|
||||
endif
|
||||
|
||||
bin_SCRIPTS = scripts/gentls_cert
|
||||
|
||||
|
||||
libs/libedit/src/.libs/libedit.a:
|
||||
|
|
|
@ -424,7 +424,8 @@ AC_CONFIG_FILES([Makefile
|
|||
src/include/switch_am_config.h
|
||||
build/getsounds.sh
|
||||
build/getlib.sh
|
||||
build/modmake.rules])
|
||||
build/modmake.rules
|
||||
scripts/gentls_cert])
|
||||
|
||||
AM_CONDITIONAL(ISLINUX, [test `uname -s` = Linux])
|
||||
AM_CONDITIONAL(ISMAC, [test `uname -s` = Darwin])
|
||||
|
|
|
@ -0,0 +1,172 @@
|
|||
#!/bin/sh
|
||||
|
||||
CONFDIR=@prefix@/conf/ssl
|
||||
DAYS=365
|
||||
|
||||
TMPFILE="/tmp/fs-ca-$$-$(date +%Y%m%d%H%M%S)"
|
||||
|
||||
COMMON_NAME="FreesSWITCH CA"
|
||||
ALT_NAME="DNS:test.freeswitch.org"
|
||||
ORG_NAME="FreeSWITCH"
|
||||
|
||||
umask 037
|
||||
|
||||
setup_ca() {
|
||||
echo "Creating new CA..."
|
||||
|
||||
if [ ! -d "${CONFDIR}/CA" ]; then
|
||||
mkdir -p -m 750 "${CONFDIR}/CA" || exit 1
|
||||
fi
|
||||
|
||||
if [ ! -e "${CONFDIR}/CA/config.tpl" ]; then
|
||||
cat > "${CONFDIR}/CA/config.tpl" <<-EOF
|
||||
[ req ]
|
||||
default_bits = 1024
|
||||
prompt = no
|
||||
distinguished_name = req_dn
|
||||
|
||||
[ req_dn ]
|
||||
commonName = %CN%
|
||||
organizationName = %ORG%
|
||||
|
||||
[ ext ]
|
||||
basicConstraints=CA:FALSE
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid,issuer:always
|
||||
subjectAltName=%ALTNAME%
|
||||
EOF
|
||||
fi
|
||||
|
||||
sed \
|
||||
-e "s|%CN%|$COMMON_NAME|" \
|
||||
-e "s|%ORG%|$ORG_NAME|" \
|
||||
-e "/%ALTNAME%/d" \
|
||||
-e "s|CA:FALSE|CA:TRUE|" \
|
||||
"${CONFDIR}/CA/config.tpl" \
|
||||
> "${TMPFILE}.cfg" || exit 1
|
||||
|
||||
openssl req -new -out "${CONFDIR}/CA/careq.pem" \
|
||||
-newkey rsa:1024 -keyout "${CONFDIR}/CA/cakey.pem" \
|
||||
-config "${TMPFILE}.cfg" -nodes -sha1 >/dev/null || exit 1
|
||||
|
||||
openssl x509 -req -signkey "${CONFDIR}/CA/cakey.pem" -in "${CONFDIR}/CA/careq.pem" \
|
||||
-out "${CONFDIR}/CA/cacert.pem" -extfile "${TMPFILE}.cfg" \
|
||||
-extensions ext -days ${DAYS} -sha1 >/dev/null || exit 1
|
||||
|
||||
rm "${TMPFILE}.cfg"
|
||||
|
||||
echo "DONE"
|
||||
}
|
||||
|
||||
generate_cert() {
|
||||
local val=""
|
||||
|
||||
echo "Generating new certificate..."
|
||||
|
||||
echo
|
||||
echo "--------------------------------------------------------"
|
||||
echo "CN: \"${COMMON_NAME}\""
|
||||
echo "ORG_NAME: \"${ORG_NAME}\""
|
||||
echo "ALT_NAME: \"${ALT_NAME}\""
|
||||
echo
|
||||
echo "[Enter \"OK\" to accept]"
|
||||
read val
|
||||
if [ "${val}" != "OK" ]; then
|
||||
return 2
|
||||
fi
|
||||
|
||||
sed \
|
||||
-e "s|%CN%|$COMMON_NAME|" \
|
||||
-e "s|%ALTNAME%|$ALT_NAME|" \
|
||||
-e "s|%ORG%|$ORG_NAME|" \
|
||||
"${CONFDIR}/CA/config.tpl" \
|
||||
> "${TMPFILE}.cfg" || exit 1
|
||||
|
||||
openssl req -new -out "${TMPFILE}.req" \
|
||||
-newkey rsa:1024 -keyout "${TMPFILE}.key" \
|
||||
-config "${TMPFILE}.cfg" -nodes -sha1 >/dev/null || exit 1
|
||||
|
||||
openssl x509 -req -CAkey "${CONFDIR}/CA/cakey.pem" -CA "${CONFDIR}/CA/cacert.pem" -CAcreateserial \
|
||||
-in "${TMPFILE}.req" -out "${TMPFILE}.crt" -extfile "${TMPFILE}.cfg" \
|
||||
-extensions ext -days ${DAYS} -sha1 >/dev/null || exit 1
|
||||
|
||||
cat "${CONFDIR}/CA/cacert.pem" > "${CONFDIR}/cafile.pem"
|
||||
cat "${TMPFILE}.crt" "${TMPFILE}.key" > "${CONFDIR}/agent.pem"
|
||||
|
||||
rm "${TMPFILE}.cfg" "${TMPFILE}.crt" "${TMPFILE}.key" "${TMPFILE}.req"
|
||||
|
||||
echo "DONE"
|
||||
}
|
||||
|
||||
remove_ca() {
|
||||
echo "Cleaning CA"
|
||||
|
||||
if [ ! -d "${CONFDIR}/CA" ]; then
|
||||
rm "${CONFDIR}/CA/"*
|
||||
rmdir "${CONFDIR}/CA"
|
||||
fi
|
||||
|
||||
echo "DONE"
|
||||
}
|
||||
|
||||
command="$1"
|
||||
shift
|
||||
|
||||
while [ $# -gt 0 ]; do
|
||||
case $1 in
|
||||
-cn)
|
||||
shift
|
||||
COMMON_NAME="$1"
|
||||
;;
|
||||
-alt)
|
||||
shift
|
||||
ALT_NAME="$1"
|
||||
;;
|
||||
-org)
|
||||
shift
|
||||
ORG_NAME="$1"
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
|
||||
case ${command} in
|
||||
setup)
|
||||
setup_ca
|
||||
;;
|
||||
|
||||
create)
|
||||
generate_cert
|
||||
;;
|
||||
|
||||
remove)
|
||||
echo "Are you sure you want to delete the CA? [YES to delete]"
|
||||
read val
|
||||
if [ "${val}" = "YES" ]; then
|
||||
remove_ca
|
||||
else
|
||||
echo "Not deleting CA"
|
||||
fi
|
||||
;;
|
||||
|
||||
*)
|
||||
cat <<-EOF
|
||||
$0 <setup|create|clean> [options]
|
||||
|
||||
* commands:
|
||||
|
||||
setup - Setup new CA
|
||||
create - Create new certificate (overwriting old!)
|
||||
remove - Remove CA
|
||||
|
||||
* options:
|
||||
|
||||
-cn Set common name
|
||||
-alt Set alternative name (use prefix 'DNS:' or 'URI:')
|
||||
-org Set organization name
|
||||
|
||||
EOF
|
||||
exit 1
|
||||
;;
|
||||
esac
|
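Review bot: The newly generated private key is written to `${TMPFILE}.key` under `/tmp`, and `TMPFILE` is built from the PID and a timestamp, so the name is guessable and the `>` redirects and `-keyout` can land on a file or symlink that another local user placed there first; the `|| exit 1` paths also leave the key behind in `/tmp`. A private working directory avoids both: `WORKDIR=$(mktemp -d /tmp/fs-ca.XXXXXX) || exit 1`, `trap 'rm -rf "$WORKDIR"' EXIT`, `TMPFILE="$WORKDIR/fs-ca"`. In `remove_ca` the test `if [ ! -d "${CONFDIR}/CA" ]` looks inverted, since as written the CA directory is only removed when it does not exist; it should read `if [ -d "${CONFDIR}/CA" ]`. `rsa:1024`, `default_bits = 1024` and `-sha1` are weak by current standards, so `rsa:2048` and `-sha256` would be safer defaults. The usage text also advertises `clean` while the `case` arm handles `remove`.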