
17 April, 2007

How to generate a self-signed certificate for apache2 in Debian

Filed under: Computer, Debian, Linux — wanleung @ 12:48 am

While the Debian apache2 package was at Apache version 2.0, it included a script called “apache2-ssl-certificate” that users could run to generate their own self-signed certificate. However, the script was removed when the apache2 package was upgraded to Apache v2.2.

I had modified the old script so that it can generate a suitable self-signed cert for the new apache2 (Apache v2.2) in Debian.

Here is the code:


#!/bin/sh -e

DAYS="365"
CERTPATH="/etc/apache2/ssl"
CERTNAME="apache"
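# 1024-bit RSA is below the 2048-bit minimum in current guidance;
# pass "--bit 2048" (or larger) when generating a new certificate.
KEYBIT="1024"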
FORCE="0";

usage(){
    echo "This is a program for the users to generate their own self-signed certificate."
    echo
    echo "Usage:  $0 [[OPTION] [VALUE]]..."
    echo
    echo "OPTIONS:"
    echo "  -h | -help | --help -- To Show This Help"
    echo "  -f | -force | --force -- Force to generate the cert"
    echo "  -d | -days | --days -- cert to expire after x days, default is 365"
    echo "  -p | -path | --path -- Path of the cert will be stored,"
    echo "                         default is /etc/apache2/ssl"
    echo "  -n | -name | --name -- the name of the cert, default is apache"
    echo "  -b | -bit  | --bit  -- length of the key, default is 1024"
    echo
}

createcert() {
    if [ "$FORCE" != "1" -a -f "$CERTPATH/$CERTNAME.pem" ]; then
        echo "$CERTPATH/$CERTNAME.pem exists!  Use \"$0 --force.\""
        exit 0
    fi
    echo
    echo creating selfsigned certificate
    echo "replace it with one signed by a certification authority (CA)"
    echo
    echo enter your ServerName at the Common Name prompt
    echo
    echo If you want your certificate to expire after x days call this program
    echo with "--days x"

    mkdir -p "$CERTPATH/"

    export RANDFILE=/dev/random
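    # The private key and the certificate are written to the same PEM file.
    openssl req "$@" -new -x509 -days "$DAYS" -nodes \
        -newkey "rsa:$KEYBIT" \
        -out "$CERTPATH/$CERTNAME.pem" \
        -keyout "$CERTPATH/$CERTNAME.pem"
    # The file holds the unencrypted key, so restrict it to its owner.
    chmod 600 "$CERTPATH/$CERTNAME.pem"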
}

case $1 in
    -h|-help|--help)
        usage
        exit 0
    ;;
esac

until [ -z "$1" ]  # Until all parameters used up . . .
do
    case $1 in
        --force|-f|-force)
	    FORCE="1"
	    shift
        ;;
	--days|-d|-days)
	    DAYS=$2
	    shift
	    shift
	;;
	--path|-p|-path)
	    CERTPATH=$2
	    shift
	    shift
	;;
	--name|-n|-name)
	    CERTNAME=$2
	    shift
	    shift
	;;
	--bit|-b|-bit)
	    KEYBIT=$2
	    shift
	    shift
	;;
	*)
	    usage
	    exit 0
	;;
    esac
done
createcert

Here is the file.
apache2-ssl-certificate.tar.gz

MD5SUM: 6fb69eb0d63a683e73461f4f682e13e5
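
To check a PEM file produced by the script above (or an older one still in service), the following is an added example and not part of the original post or the Debian package. The function name `audit_pem` and the default thresholds (2048 bits, 30 days) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit a combined key+certificate PEM such as
# /etc/apache2/ssl/apache.pem.
# audit_pem FILE [MIN_BITS] [MIN_DAYS_LEFT]  (hypothetical name and defaults)
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 on error.
audit_pem() {
    pem=$1; min_bits=${2:-2048}; min_days=${3:-30}; rc=0

    if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
        echo "error: no readable certificate in $pem"
        return 2
    fi

    # Key length as printed in the certificate text,
    # e.g. "Public-Key: (2048 bit)" or "RSA Public Key: (1024 bit)".
    bits=$(openssl x509 -in "$pem" -noout -text |
           sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    if [ -z "$bits" ]; then
        echo "unknown key size"; rc=1
    elif [ "$bits" -lt "$min_bits" ]; then
        echo "weak key: $bits bits (minimum $min_bits)"; rc=1
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$pem" -noout \
            -checkend $((min_days * 86400)) >/dev/null; then
        echo "expires within $min_days days:" \
             "$(openssl x509 -in "$pem" -noout -enddate)"; rc=1
    fi

    # The script stores the unencrypted private key in the same file, so
    # group and other must have no access (characters 5-10 of the ls mode).
    if grep -q 'PRIVATE KEY-----' "$pem"; then
        if [ "$(ls -ld "$pem" | cut -c5-10)" != "------" ]; then
            echo "permissions too open for a private key:" \
                 "$(ls -ld "$pem" | cut -c1-10)"; rc=1
        fi
    fi
    return $rc
}

# Run directly as: sh audit_pem.sh /etc/apache2/ssl/apache.pem
if [ $# -gt 0 ]; then audit_pem "$@"; fi
```

A certificate generated with the script's defaults will be reported as a weak key, since the default is 1024 bits.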
