[TriLUG] CAcert meeting -- how to prepare
Alan Porter
porter at trilug.org
Thu Feb 5 14:04:41 EST 2009
I know that some of you guys are still scratching your heads,
saying "what is all of this certificate stuff?". It can be
intimidating at first.

Below is the script that I used yesterday to generate a certificate
for my own web server. It does three things:

  (1) create a random certificate ($host.key file) with my info in it
  (2) generate a Certificate Signing Request ($host.csr) file to send
      to CAcert
  (3) sign the certificate
      (a) print out the info needed to submit to CAcert
      (b) self-sign it, as a fall-back plan

It's pretty easy, as long as you don't stare too hard at those
openssl commands. :-)

Try it... https://calvin.alanporter.com/public/
Click on the icon in the address bar and see the certificate info.

Alan
----------------------------------------------------------------------
#!/bin/bash
# FROM http://sial.org/howto/openssl/csr/

host=$1
country="US"
state="North Carolina"
city="Cary"
org="AlanPorter.com"
unit=""
email="certs at kr4jb.net"
days=365

# (0) LOOK BEFORE YOU LEAP
if [ -z "$host" ] ; then
    echo "you must specify a hostname in argument #1"
    exit 1
fi
if [ -f "$host.key" ] ; then
    echo "refusing to overwrite $host.key"
    exit 1
fi

# (1) GENERATE PRIVATE RSA KEY
# genrsa reads nothing from stdin; the subject fields piped in here are only
# consumed by "openssl req" in step (2).
# 2048 bits, because 1024-bit RSA keys are no longer considered adequate.
in="$country\n$state\n$city\n$org\n$unit\n$host\n$email\n\n\n"
echo -e "$in" | openssl genrsa -out "$host.key" 2048
echo ""
# Owner read-only: the private key must not be readable by other users.
chmod 400 "$host.key"

# (2) GENERATE CSR
# The piped lines answer the interactive prompts of "openssl req" in order;
# the three trailing newlines accept the defaults for the remaining prompts.
in="$country\n$state\n$city\n$org\n$unit\n$host\n$email\n\n\n"
echo -e "$in" | openssl req -new -nodes -key "$host.key" -out "$host.csr"
echo ""

# (3) SIGN THE CERT
# option (a) send it to CA Cert
echo ""
echo ""
echo "This is the CSR that you need to send to CAcert:"
echo ""
cat "$host.csr"
echo ""
echo "Paste their reply into '$host-cacert.crt'"
echo ""
echo "And add the following to your apache config:"
echo "    SSLEngine on"
echo "    SSLCertificateFile $(pwd)/$host-cacert.crt"
echo "    SSLCertificateKeyFile $(pwd)/$host.key"
echo ""
echo ""

# option (b) sign it yourself
openssl x509 -req -days "$days" -in "$host.csr" \
    -signkey "$host.key" -out "$host-selfsigned.crt"

# (4) clean up
# This file is no longer needed.
rm "$host.csr"
----------------------------------------------------------------------
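
A check to run after pasting CAcert's reply into `$host-cacert.crt` (or on the self-signed fall-back), added here as an example and not part of the original post: it confirms that the certificate carries the same public key as `$host.key` and that the key is not undersized. The function names and the 2048-bit default minimum are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: sh check-cert.sh HOST.key HOST-cacert.crt [MIN_BITS]

# Print the RSA modulus size, in bits, of a private key file.
key_bits() {
    openssl pkey -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p'
}

# Print a SHA-256 digest of the public key held in a key, CSR or certificate.
pubkey_digest() {  # usage: pubkey_digest key|csr|crt FILE
    case "$1" in
        key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr) pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)   return 2 ;;
    esac || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Return 0 if CRT was issued for KEY, 1 on mismatch, 2 if KEY is too small.
check_cert() {  # usage: check_cert KEY CRT [MIN_BITS]
    min=${3:-2048}
    bits=$(key_bits "$1")
    if [ -z "$bits" ] || [ "$bits" -lt "$min" ]; then
        echo "FAIL: $1 is ${bits:-unreadable} bits, want >= $min" >&2
        return 2
    fi
    want=$(pubkey_digest key "$1") || return 1
    got=$(pubkey_digest crt "$2") || got=unreadable
    if [ "$got" != "$want" ]; then
        echo "FAIL: $2 was not issued for $1" >&2
        return 1
    fi
    echo "OK: $2 matches $1 ($bits bits, public key sha256:$want)"
}

# Run the check when the script is called with file arguments.
if [ "$#" -ge 2 ]; then
    check_cert "$@"
    exit $?
fi
```

`pubkey_digest csr FILE` gives the same digest for the CSR, so the request can be compared against the key before the script deletes it.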