3 # Generate a certificate for the systemtap server and add it to the
4 # database of trusted servers for the client.
6 # Copyright (C) 2008-2010 Red Hat Inc.
8 # This file is part of systemtap, and is free software. You can
9 # redistribute it and/or modify it under the terms of the GNU General
10 # Public License (GPL); either version 2, or (at your option) any
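# Initialize the environment.
# stap-env is sourced, so everything in it runs with this script's
# privileges. The path is quoted so that a PKGLIBEXECDIR containing spaces
# or glob characters cannot expand to a different file name. When
# PKGLIBEXECDIR is unset or empty the name has no slash and bash's "."
# resolves it through PATH, so keep PATH restricted to trusted directories
# when this script is run by a privileged user.
. "${PKGLIBEXECDIR}stap-env"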
16 # Obtain the certificate database directory name.
18 if test "X$serverdb" = "X"; then
19 serverdb
="$stap_ssl_db/server"
23 # Create the server's certificate database directory.
24 if ! mkdir
-p -m 755 "$serverdb"; then
25 echo "Unable to create the server certificate database directory: $serverdb" >&2
29 # Create the certificate database password file. Care must be taken
30 # that this file is only readable by the owner.
31 if ! (touch "$serverdb/pw" && chmod 600 "$serverdb/pw"); then
32 echo "Unable to create the server certificate database password file: $serverdb/pw" >&2
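# Generate a random password.
# Each attempt truncates the password file first, so a tool that is missing
# or fails leaves no partial output behind for the next attempt.
# The last resort filters /dev/urandom down to 20 alphanumeric characters.
# Reading raw bytes into a shell variable instead would drop NUL bytes and
# stop at the first newline, which can leave a short or empty password.
mkpasswd -l 20 > "$serverdb/pw" 2>/dev/null || \
apg -a 1 -n 1 -m 20 -x 20 > "$serverdb/pw" 2>/dev/null || \
{ LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 20; echo; } > "$serverdb/pw"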
41 # Generate the server certificate database
42 if ! certutil
-N -d "$serverdb" -f "$serverdb/pw" > /dev
/null
; then
43 echo "Unable to initialize the server certificate database directory: $serverdb" >&2
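# We need some random noise for generating keys.
# The noise feeds key generation, so create the file under a restrictive
# umask; the subshell keeps the umask change away from files created later.
(umask 077 && dd bs=123 count=1 < /dev/urandom > "$serverdb/noise" 2> /dev/null)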
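# Generate a request for the server's certificate.
# certutil's stderr is still discarded, but its exit status is now checked
# so that a failed request stops here instead of surfacing later as a
# confusing error from the signing step.
if ! certutil -R -d "$serverdb" -f "$serverdb/pw" \
     -s "CN=Systemtap Compile Server, OU=Systemtap, O=Red Hat, C=US" \
     -o "$serverdb/stap.req" -z "$serverdb/noise" 2> /dev/null; then
    rm -fr "$serverdb/noise"
    echo "Unable to generate the server certificate request: $serverdb/stap.req" >&2
    exit 1
fi
# The noise file is only needed while the request and its key are generated.
rm -fr "$serverdb/noise"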
55 # Create the certificate file first so that it always has the proper access permissions.
56 if ! (touch "$serverdb/$stap_certfile" && chmod 644 "$serverdb/$stap_certfile"); then
57 echo "Unable to create the server certificate file: $serverdb/$stap_certfile" >&2
61 # Now generate the actual certificate. Make it valid for 1 year.
62 certutil
-C -i "$serverdb/stap.req" -o "$serverdb/$stap_certfile" -x -d "$serverdb" \
63 -f "$serverdb/pw" -v 12 -5 -8 "$HOSTNAME,localhost" >/dev
/null
<<-EOF
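# The request is no longer needed once the certificate has been issued.
rm -fr "$serverdb/stap.req"

# Add the certificate to the server's certificate/key database as a trusted
# peer, ssl server and object signer. The -t argument is ordered
# "SSL,S/MIME,object signing"; the S/MIME field is left empty, so no e-mail
# trust is granted. The result is checked so that a failed import does not
# fall through to the success message printed afterwards.
if ! certutil -A -n stap-server -t "PCu,,PCu" -i "$serverdb/$stap_certfile" \
     -d "$serverdb" -f "$serverdb/pw"; then
    echo "Unable to add the server certificate to the database: $serverdb" >&2
    exit 1
fi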
75 # Print some information about the certificate.
76 echo "Certificate $serverdb/$stap_certfile created and added to database $serverdb"
77 certutil
-L -d "$serverdb" -n stap-server | \
78 awk '/Validity|Not After|Not Before/ { print $0 }' | \