mirror of https://github.com/Icinga/icinga2.git
parent
9a031efb75
commit
047d5db1a4
|
@ -5,6 +5,7 @@ bin_SCRIPTS = \
|
|||
icinga2pkidir = ${pkgdatadir}/pki
|
||||
icinga2pki_DATA = \
|
||||
pkifuncs \
|
||||
vars \
|
||||
openssl.cnf
|
||||
|
||||
CLEANFILES = $(bin_SCRIPTS)
|
||||
|
|
|
@ -14,7 +14,13 @@ if [ $(ls -1 -- $ICINGA_CA | wc -l) != 0 ]; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
chmod 700 $ICINGA_CA >/dev/null 2>&1
|
||||
|
||||
echo '01' > $ICINGA_CA/serial
|
||||
touch $ICINGA_CA/index.txt
|
||||
|
||||
CN_DEFAULT="Icinga CA" KEY_DIR=$ICINGA_CA openssl req -config $ICINGA2PKIDIR/openssl.cnf -new -newkey rsa:4096 -x509 -nodes -days 3650 -keyform PEM -keyout $ICINGA_CA/ca.key -outform PEM -out $ICINGA_CA/ca.crt
|
||||
cp $ICINGA2PKIDIR/vars $ICINGA_CA/
|
||||
source $ICINGA_CA/vars
|
||||
|
||||
KEY_DIR=$ICINGA_CA openssl req -config $ICINGA2PKIDIR/openssl.cnf -new -newkey rsa:4096 -x509 -days 3650 -keyform PEM -keyout $ICINGA_CA/ca.key -outform PEM -out $ICINGA_CA/ca.crt && \
|
||||
echo -e "\n\tIf you want to change the default settings for server certificates check out \"$ICINGA_CA/vars\".\n"
|
||||
|
|
|
@ -21,7 +21,16 @@ if [ ! -f $ICINGA_CA/ca.crt -o ! -f $ICINGA_CA/ca.key ]; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
CN_DEFAULT=$name KEY_DIR=$ICINGA_CA openssl req -config $ICINGA2PKIDIR/openssl.cnf -new -newkey rsa:4096 -keyform PEM -keyout $ICINGA_CA/$name.key -outform PEM -out $ICINGA_CA/$name.csr -nodes && \
|
||||
openssl x509 -days 3650 -CA $ICINGA_CA/ca.crt -CAkey $ICINGA_CA/ca.key -req -in $ICINGA_CA/$name.csr -outform PEM -out $ICINGA_CA/$name.crt -CAserial $ICINGA_CA/serial
|
||||
[ -f $ICINGA_CA/vars ] && source $ICINGA_CA/vars
|
||||
|
||||
[ -z "$REQ_COUNTRY_NAME" ] && export REQ_COUNTRY_NAME="AU"
|
||||
[ -z "$REQ_STATE" ] && export REQ_STATE="Some-State"
|
||||
[ -z "$REQ_ORGANISATION" ] && export REQ_ORGANISATION="Internet Widgits Pty Ltd"
|
||||
[ -z "$REQ_ORG_UNIT" ] && export REQ_ORG_UNIT="Monitoring"
|
||||
[ -z "$REQ_COMMON_NAME"] && export REQ_COMMON_NAME="Icinga CA"
|
||||
[ -z "$REQ_DAYS" ] && export REQ_DAYS="3650"
|
||||
|
||||
REQ_COMMON_NAME="$name" KEY_DIR="$ICINGA_CA" openssl req -config $ICINGA2PKIDIR/openssl.cnf -new -newkey rsa:4096 -keyform PEM -keyout $ICINGA_CA/$name.key -outform PEM -out $ICINGA_CA/$name.csr -nodes && \
|
||||
openssl x509 -days "$REQ_DAYS" -CA $ICINGA_CA/ca.crt -CAkey $ICINGA_CA/ca.key -req -in $ICINGA_CA/$name.csr -outform PEM -out $ICINGA_CA/$name.tmp -CAserial $ICINGA_CA/serial && \
|
||||
openssl x509 -in $ICINGA_CA/$name.tmp -text > $ICINGA_CA/$name.crt && \
|
||||
rm -f $ICINGA_CA/$name.csr $ICINGA_CA/$name.tmp
|
||||
|
|
|
@ -78,7 +78,7 @@ preserve = no # keep passed DN ordering
|
|||
# A few difference way of specifying how similar the request should look
|
||||
# For type CA, the listed attributes must be the same, and the optional
|
||||
# and supplied fields are just that :-)
|
||||
policy = policy_match
|
||||
policy = policy_anything
|
||||
|
||||
# For the CA policy
|
||||
[ policy_match ]
|
||||
|
@ -126,28 +126,28 @@ string_mask = utf8only
|
|||
|
||||
[ req_distinguished_name ]
|
||||
countryName = Country Name (2 letter code)
|
||||
countryName_default = AU
|
||||
countryName_default = $ENV::REQ_COUNTRY_NAME
|
||||
countryName_min = 2
|
||||
countryName_max = 2
|
||||
|
||||
stateOrProvinceName = State or Province Name (full name)
|
||||
stateOrProvinceName_default = Some-State
|
||||
stateOrProvinceName_default = $ENV::REQ_STATE
|
||||
|
||||
localityName = Locality Name (eg, city)
|
||||
|
||||
0.organizationName = Organization Name (eg, company)
|
||||
0.organizationName_default = Internet Widgits Pty Ltd
|
||||
0.organizationName_default = $ENV::REQ_ORGANISATION
|
||||
|
||||
# we can do this but it is not needed normally :-)
|
||||
#1.organizationName = Second Organization Name (eg, company)
|
||||
#1.organizationName_default = World Wide Web Pty Ltd
|
||||
|
||||
organizationalUnitName = Organizational Unit Name (eg, section)
|
||||
organizationalUnitName_default = Icinga
|
||||
organizationalUnitName_default = $ENV::REQ_ORG_UNIT
|
||||
|
||||
commonName = Common Name (e.g. server FQDN or YOUR name)
|
||||
commonName_max = 64
|
||||
commonName_default = $ENV::CN_DEFAULT
|
||||
commonName_default = $ENV::REQ_COMMON_NAME
|
||||
|
||||
#emailAddress = Email Address
|
||||
#emailAddress_max = 64
|
||||
|
@ -155,9 +155,9 @@ commonName_default = $ENV::CN_DEFAULT
|
|||
# SET-ex3 = SET extension number 3
|
||||
|
||||
[ req_attributes ]
|
||||
#challengePassword = A challenge password
|
||||
#challengePassword_min = 4
|
||||
#challengePassword_max = 20
|
||||
challengePassword = A challenge password
|
||||
challengePassword_min = 4
|
||||
challengePassword_max = 20
|
||||
|
||||
unstructuredName = An optional company name
|
||||
|
||||
|
|
Loading…
Reference in New Issue