Merge branch 'feature/ssl-scripts-4948' into next

Fixes #4948
Ricardo Bartels 2013-10-23 13:04:09 +02:00
commit 171baa46b2
5 changed files with 36 additions and 12 deletions


@ -5,6 +5,7 @@ bin_SCRIPTS = \
icinga2pkidir = ${pkgdatadir}/pki icinga2pkidir = ${pkgdatadir}/pki
icinga2pki_DATA = \ icinga2pki_DATA = \
pkifuncs \ pkifuncs \
vars \
openssl.cnf openssl.cnf
CLEANFILES = $(bin_SCRIPTS) CLEANFILES = $(bin_SCRIPTS)


@ -14,7 +14,13 @@ if [ $(ls -1 -- $ICINGA_CA | wc -l) != 0 ]; then
exit 1 exit 1
fi fi
chmod 700 $ICINGA_CA >/dev/null 2>&1
echo '01' > $ICINGA_CA/serial echo '01' > $ICINGA_CA/serial
touch $ICINGA_CA/index.txt touch $ICINGA_CA/index.txt
CN_DEFAULT="Icinga CA" KEY_DIR=$ICINGA_CA openssl req -config $ICINGA2PKIDIR/openssl.cnf -new -newkey rsa:4096 -x509 -nodes -days 3650 -keyform PEM -keyout $ICINGA_CA/ca.key -outform PEM -out $ICINGA_CA/ca.crt cp $ICINGA2PKIDIR/vars $ICINGA_CA/
source $ICINGA_CA/vars
KEY_DIR=$ICINGA_CA openssl req -config $ICINGA2PKIDIR/openssl.cnf -new -newkey rsa:4096 -x509 -days 3650 -keyform PEM -keyout $ICINGA_CA/ca.key -outform PEM -out $ICINGA_CA/ca.crt && \
echo -e "\n\tIf you want to change the default settings for server certificates check out \"$ICINGA_CA/vars\".\n"
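Review bot: The added `chmod 700 $ICINGA_CA >/dev/null 2>&1` throws away both the error text and the exit status, so when the directory cannot be tightened the script still goes on to write `ca.key` into it with whatever permissions and umask happen to apply. I would make this fail closed before the key is generated: `umask 077` followed by `chmod 700 "$ICINGA_CA" || exit 1`. The `cp $ICINGA2PKIDIR/vars $ICINGA_CA/` is also unchecked before `source $ICINGA_CA/vars`, so a failed copy shows up only as a source error; `cp ... && source ...` or an explicit exit would be clearer. The script begins above this hunk, so an earlier umask or check may already exist there.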


@ -21,7 +21,16 @@ if [ ! -f $ICINGA_CA/ca.crt -o ! -f $ICINGA_CA/ca.key ]; then
exit 1 exit 1
fi fi
CN_DEFAULT=$name KEY_DIR=$ICINGA_CA openssl req -config $ICINGA2PKIDIR/openssl.cnf -new -newkey rsa:4096 -keyform PEM -keyout $ICINGA_CA/$name.key -outform PEM -out $ICINGA_CA/$name.csr -nodes && \ [ -f $ICINGA_CA/vars ] && source $ICINGA_CA/vars
openssl x509 -days 3650 -CA $ICINGA_CA/ca.crt -CAkey $ICINGA_CA/ca.key -req -in $ICINGA_CA/$name.csr -outform PEM -out $ICINGA_CA/$name.crt -CAserial $ICINGA_CA/serial
[ -z "$REQ_COUNTRY_NAME" ] && export REQ_COUNTRY_NAME="AU"
[ -z "$REQ_STATE" ] && export REQ_STATE="Some-State"
[ -z "$REQ_ORGANISATION" ] && export REQ_ORGANISATION="Internet Widgits Pty Ltd"
[ -z "$REQ_ORG_UNIT" ] && export REQ_ORG_UNIT="Monitoring"
[ -z "$REQ_COMMON_NAME"] && export REQ_COMMON_NAME="Icinga CA"
[ -z "$REQ_DAYS" ] && export REQ_DAYS="3650"
REQ_COMMON_NAME="$name" KEY_DIR="$ICINGA_CA" openssl req -config $ICINGA2PKIDIR/openssl.cnf -new -newkey rsa:4096 -keyform PEM -keyout $ICINGA_CA/$name.key -outform PEM -out $ICINGA_CA/$name.csr -nodes && \
openssl x509 -days "$REQ_DAYS" -CA $ICINGA_CA/ca.crt -CAkey $ICINGA_CA/ca.key -req -in $ICINGA_CA/$name.csr -outform PEM -out $ICINGA_CA/$name.tmp -CAserial $ICINGA_CA/serial && \
openssl x509 -in $ICINGA_CA/$name.tmp -text > $ICINGA_CA/$name.crt && \
rm -f $ICINGA_CA/$name.csr $ICINGA_CA/$name.tmp
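Review bot: The test `[ -z "$REQ_COMMON_NAME"] && ...` is missing the space before `]`, so whenever the variable is set (as it is after `vars` has been sourced) `[` prints a missing-`]` error, and when it is empty the line only works by accident because `[ -z ]` is a one-argument test. It should read `[ -z "$REQ_COMMON_NAME" ] && export REQ_COMMON_NAME="Icinga CA"`. The effect on the certificate is masked because `REQ_COMMON_NAME="$name"` is set inline on the `openssl req` call, but the error still appears on each run. `$ICINGA_CA` and `$name` are also unquoted in the key, CSR and certificate paths; quoting them (`"$ICINGA_CA/$name.key"`) avoids word splitting, and where `$name` is validated is not visible in this hunk.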


@ -78,7 +78,7 @@ preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look # A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional # For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-) # and supplied fields are just that :-)
policy = policy_match policy = policy_anything
# For the CA policy # For the CA policy
[ policy_match ] [ policy_match ]
@ -126,28 +126,28 @@ string_mask = utf8only
[ req_distinguished_name ] [ req_distinguished_name ]
countryName = Country Name (2 letter code) countryName = Country Name (2 letter code)
countryName_default = AU countryName_default = $ENV::REQ_COUNTRY_NAME
countryName_min = 2 countryName_min = 2
countryName_max = 2 countryName_max = 2
stateOrProvinceName = State or Province Name (full name) stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State stateOrProvinceName_default = $ENV::REQ_STATE
localityName = Locality Name (eg, city) localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company) 0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd 0.organizationName_default = $ENV::REQ_ORGANISATION
# we can do this but it is not needed normally :-) # we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company) #1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd #1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section) organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = Icinga organizationalUnitName_default = $ENV::REQ_ORG_UNIT
commonName = Common Name (e.g. server FQDN or YOUR name) commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64 commonName_max = 64
commonName_default = $ENV::CN_DEFAULT commonName_default = $ENV::REQ_COMMON_NAME
#emailAddress = Email Address #emailAddress = Email Address
#emailAddress_max = 64 #emailAddress_max = 64
@ -155,9 +155,9 @@ commonName_default = $ENV::CN_DEFAULT
# SET-ex3 = SET extension number 3 # SET-ex3 = SET extension number 3
[ req_attributes ] [ req_attributes ]
#challengePassword = A challenge password challengePassword = A challenge password
#challengePassword_min = 4 challengePassword_min = 4
#challengePassword_max = 20 challengePassword_max = 20
unstructuredName = An optional company name unstructuredName = An optional company name
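Review bot: Changing `policy` to `policy_anything` removes the requirement that a request's country, state and organisation match the CA's, so anything signed through `openssl ca` with this config is accepted with whatever subject the requester supplied. The scripts in this commit sign with `openssl x509 -req`, which as far as I can tell does not consult this policy, so the relaxation mainly affects manual use. It still deserves a comment next to the setting, for example `# policy_anything: subject fields are not checked against the CA; review each CSR's DN before signing`. Separately, the new `$ENV::REQ_*` defaults make loading this file fail when any of those variables is unset, which is worth stating in a comment at the top of `[ req_distinguished_name ]`.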

8
pki/vars Normal file

@ -0,0 +1,8 @@
# Icinga 2 default CA vars
export REQ_COUNTRY_NAME="AU"
export REQ_STATE="Some-State"
export REQ_ORGANISATION="Internet Widgits Pty Ltd"
export REQ_ORG_UNIT="Monitoring"
export REQ_COMMON_NAME="Icinga CA"
export REQ_DAYS="3650"
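Review bot: The header comment `# Icinga 2 default CA vars` undersells what this file does: the scripts `source` it, so it is executed as shell and should be writable only by the CA owner. The values are also not applied uniformly. In the hunks shown, `REQ_DAYS` is used for the server certificate (`openssl x509 -days "$REQ_DAYS"`) while the CA certificate keeps a hard-coded `-days 3650`, and `REQ_COMMON_NAME` is overridden with `$name` when a server key is built. I would expand the header to say so, for example `# Sourced by the PKI scripts (executed as shell). REQ_DAYS applies to server certificates; REQ_COMMON_NAME is used for the CA only.`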