authorJoe Orton <jorton@redhat.com>2017-09-21 16:41:20 +0100
committerJoe Orton <jorton@redhat.com>2017-09-21 16:41:20 +0100
commit6a777617406defe19df7a85b86427f1f3e0c3384 (patch)
tree2b3c8cca684589e4bdc62348346a4bad6dc40cd7 /httpd-ssl-gencerts
parent180ad320f452c4c58f6edc75a5749f665bf7459f (diff)
use sscg defaults; append CA cert to generated cert
document httpd-init.service in httpd-init.service(8)
Diffstat (limited to 'httpd-ssl-gencerts')
-rwxr-xr-xhttpd-ssl-gencerts18
1 files changed, 8 insertions, 10 deletions
diff --git a/httpd-ssl-gencerts b/httpd-ssl-gencerts
index 0771b73..67b6d9a 100755
--- a/httpd-ssl-gencerts
+++ b/httpd-ssl-gencerts
@@ -3,22 +3,20 @@
set -e
FQDN=`hostname`
-# A >59 char FQDN means "root@FQDN" exceeds 64-char max length for emailAddress
-if [ "x${FQDN}" = "x" -o ${#FQDN} -gt 59 ]; then
- FQDN=localhost.localdomain
+
+if test -f /etc/pki/tls/certs/localhost.crt -o \
+ -f /etc/pki/tls/private/localhost.key -o \
+ -f /etc/pki/tls/certs/localhost-ca.crt; then
+ exit 1
fi
sscg -q \
--cert-file /etc/pki/tls/certs/localhost.crt \
--cert-key-file /etc/pki/tls/private/localhost.key \
--ca-file /etc/pki/tls/certs/localhost-ca.crt \
- --hash-alg sha256 \
- --key-strength 2048 \
--lifetime 365 \
- --country "--" \
- --state SomeState \
- --locality SomeCity \
- --organization SomeOrganization \
- --organizational-unit SomeOrganizationalUnit \
--hostname $FQDN \
--email root@$FQDN
+
+# mod_ssl will send the CA cert if it's appended to the server cert.
+cat /etc/pki/tls/certs/localhost-ca.crt >> /etc/pki/tls/certs/localhost.crt
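Review bot: With the fallback block removed, nothing in this hunk handles an empty `hostname` result, and `$FQDN` is still expanded unquoted in `--hostname $FQDN` and `--email root@$FQDN` (the script's first two lines are outside the hunk, so any earlier handling is not visible). An empty value would vanish from the argument list, so `--hostname` would presumably take `--email` as its value and the certificate would carry the wrong name; whether sscg copes with an FQDN longer than 59 characters in the e-mail field should also be confirmed. I would keep a minimal guard, `[ -n "$FQDN" ] || FQDN=localhost.localdomain`, and quote both uses: `--hostname "$FQDN"` and `--email "root@$FQDN"`. Separately, the new existence check exits 1 silently, and because the CA append runs after sscg, a failure at that step leaves a `localhost.crt` without the CA cert that the check then refuses to regenerate. A line such as `echo "httpd-ssl-gencerts: certificate files already exist, not overwriting" >&2` before `exit 1` would make that state diagnosable.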