From 6a777617406defe19df7a85b86427f1f3e0c3384 Mon Sep 17 00:00:00 2001
From: Joe Orton
Date: Thu, 21 Sep 2017 16:41:20 +0100
Subject: use sscg defaults; append CA cert to generated cert document httpd-init.service in httpd-init.service(8)
---
 httpd-ssl-gencerts | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)
(limited to 'httpd-ssl-gencerts')
diff --git a/httpd-ssl-gencerts b/httpd-ssl-gencerts
index 0771b73..67b6d9a 100755
--- a/httpd-ssl-gencerts
+++ b/httpd-ssl-gencerts
@@ -3,22 +3,20 @@ set -e
 FQDN=`hostname`
-# A >59 char FQDN means "root@FQDN" exceeds 64-char max length for emailAddress
-if [ "x${FQDN}" = "x" -o ${#FQDN} -gt 59 ]; then
- FQDN=localhost.localdomain
+
+if test -f /etc/pki/tls/certs/localhost.crt -o \
+ -f /etc/pki/tls/private/localhost.key -o \
+ -f /etc/pki/tls/certs/localhost-ca.crt; then
+ exit 1
 fi
 sscg -q \
 --cert-file /etc/pki/tls/certs/localhost.crt \
 --cert-key-file /etc/pki/tls/private/localhost.key \
 --ca-file /etc/pki/tls/certs/localhost-ca.crt \
- --hash-alg sha256 \
- --key-strength 2048 \
 --lifetime 365 \
- --country "--" \
- --state SomeState \
- --locality SomeCity \
- --organization SomeOrganization \
- --organizational-unit SomeOrganizationalUnit \
 --hostname $FQDN \
 --email root@$FQDN
+
+# mod_ssl will send the CA cert if it's appended to the server cert.
+cat /etc/pki/tls/certs/localhost-ca.crt >> /etc/pki/tls/certs/localhost.crt
-- cgit
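Review bot: With the empty-FQDN fallback removed, nothing on the new side guards against `hostname` printing an empty string, and because `$FQDN` is unquoted in the context lines `--hostname $FQDN` and `--email root@$FQDN`, an empty value would presumably make `--hostname` take `--email` as its argument rather than fail cleanly. I would keep a one-line default such as `[ -n "$FQDN" ] || FQDN=localhost.localdomain` and quote both expansions (`--hostname "$FQDN"`, `--email "root@$FQDN"`). Dropping `--hash-alg` and `--key-strength` ties the digest and key size to whatever the installed sscg defaults to, so a comment such as `# key size and digest intentionally left to sscg defaults` would tell a later auditor this is deliberate. Separately, if sscg succeeds but the final `cat … >>` fails under `set -e`, the next run hits the new `exit 1` guard and the certificate stays without the CA appended; building the combined file under a temporary name and renaming it into place would avoid that half-finished state.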