
#! /usr/bin/env perl

# create a certificate authority (CA) certificate and key at the locations
# given by $caCRT and $caKey, which are read from the config file
#
# requires $sslConfig file to be set up similar to openssl.cnf.sample
# 
# script will ask for passphrase three times, twice to encrypt the key
# file, and once when creating the CA. PassPhrase must be a minimum of
# 8 characters long.

use strict;
use warnings;

use FindBin;
use File::Spec;
use Cwd 'abs_path';
use File::Basename;

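# Directory holding this script; both configuration files are expected to
# live next to it.
my $binDir = dirname( abs_path( __FILE__ ) ) . '/';
my $config = $binDir . 'makeCert.conf';
my $sslConfig = $binDir . 'openssl.cnf';

# The variables below are assigned by the string eval of $config further
# down, so they must remain file-scoped lexicals declared before that eval.
my $configFile;    # prototype for the domain specific config file
my $caCRT;         # location of the CA crt file
my $caKey;         # location of the CA Key file
my $serverCertDir; # where to put the server certs
my $certDays;      # number of days a Server certificate is valid for, not used here
my $caDays;        # number of days a CA is good for

die "Config File $config not found\n" unless -f $config;
die "openssl config file $sslConfig not found\n" unless -f $sslConfig;

# load the config file
#
# SECURITY: the config file is executed as Perl code with the privileges of
# whoever runs this script. Anyone able to write to $config (or to the
# directory containing it) can run arbitrary code at the moment a CA key is
# being created. Keep the file and its directory writable only by the
# operator; a data-only format would remove this exposure entirely.
#
# The file is read with a three-argument open rather than through `cat`, so
# its path never passes through a shell.
my $configText = do {
    open( my $configHandle, '<', $config )
        or die "Unable to read $config: $!\n";
    local $/;
    <$configHandle>;
};
eval $configText;
die "Error loading $config: $@" if $@;

# Fail early with a clear message instead of handing empty arguments to
# openssl when the config file did not set something this script needs.
for my $setting (
    [ caCRT      => $caCRT ],
    [ caKey      => $caKey ],
    [ configFile => $configFile ],
    [ caDays     => $caDays ],
    )
{
    my ( $name, $value ) = @$setting;
    die "\$$name is not set in $config\n"
        unless defined $value and length $value;
}
die "\$caDays must be a positive whole number of days\n"
    unless $caDays =~ /\A[1-9][0-9]*\z/;

die "Existing CA or Key found, remove them before continuing\n" if -f $caCRT or -f $caKey;

# NOTE(review): $sslConfig is only checked for existence above; the request
# itself is driven by $configFile from makeCert.conf. Confirm which of the
# two is meant to be passed to `openssl req -config`.
die "openssl request config $configFile not found\n" unless -f $configFile;

# The commands are run in list form, so no shell is involved: paths that
# contain spaces or shell metacharacters are passed to openssl literally
# (and are not tilde- or glob-expanded).
#
# The private key is created under a restrictive umask so it is never
# group/world readable, whatever the caller's umask happens to be.
#
# NOTE(review): -des3 protects the key with Triple DES, a legacy cipher, and
# the key is RSA 2048. For a long-lived CA consider -aes256 and a larger
# modulus; both are left unchanged here.
my $previousUmask = umask 0077;
system( 'openssl', 'genpkey', '-algorithm', 'RSA', '-out', $caKey,
    '-des3', '-pkeyopt', 'rsa_keygen_bits:2048' ) == 0
    or die "openssl genpkey failed (wait status $?), CA key not created\n";
umask $previousUmask;

system( 'openssl', 'req', '-config', $configFile, '-key', $caKey,
    '-new', '-x509', '-days', $caDays, '-out', $caCRT,
    '-extensions', 'CA_default' ) == 0
    or die "openssl req failed (wait status $?), CA certificate not created\n";

print "CA Created. You can view it with:\nopenssl x509 -in $caCRT -text -noout\n";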