diff options
author | Andreas Baumann <mail@andreasbaumann.cc> | 2015-01-03 13:58:15 +0100 |
---|---|---|
committer | Andreas Baumann <mail@andreasbaumann.cc> | 2015-01-03 13:58:15 +0100 |
commit | 4aca87515a5083ae0e31ce3177189fd43b6d05ac (patch) | |
tree | 7b1d9a31393ca090757dc6f0d3859b4fcd93f271 /release/src/router/httpd/gencert.sh | |
parent | 008d0be72b2f160382c6e880765e96b64a050c65 (diff) | |
download | tomato-4aca87515a5083ae0e31ce3177189fd43b6d05ac.tar.gz tomato-4aca87515a5083ae0e31ce3177189fd43b6d05ac.tar.bz2 |
patch to Vanilla Tomato 1.28
Diffstat (limited to 'release/src/router/httpd/gencert.sh')
-rwxr-xr-x | release/src/router/httpd/gencert.sh | 35 |
1 files changed, 23 insertions, 12 deletions
diff --git a/release/src/router/httpd/gencert.sh b/release/src/router/httpd/gencert.sh index 52e64d96..8a1f837e 100755 --- a/release/src/router/httpd/gencert.sh +++ b/release/src/router/httpd/gencert.sh @@ -1,18 +1,29 @@ #!/bin/sh +SECS=1167609600 -SECS=$1 +cd /etc + +NVCN=`nvram get https_crt_cn` +if [ "$NVCN" == "" ]; then + NVCN=`nvram get lan_ipaddr` +fi + +cp -L openssl.cnf openssl.config + +I=0 +for CN in $NVCN; do + echo "$I.commonName=CN" >> openssl.config + echo "$I.commonName_value=$CN" >> openssl.config + I=$(($I + 1)) +done # create the key and certificate request -openssl req -new -out /tmp/cert.csr -config /etc/openssl.cnf -keyout /tmp/privkey.pem -newkey rsa:512 -passout pass:password +openssl req -new -out /tmp/cert.csr -config openssl.config -keyout /tmp/privkey.pem -newkey rsa:512 -passout pass:password # remove the passphrase from the key -openssl rsa -in /tmp/privkey.pem -out /tmp/key.pem -passin pass:password +openssl rsa -in /tmp/privkey.pem -out key.pem -passin pass:password # convert the certificate request into a signed certificate -if test "$SECS" -eq "" ; then - openssl x509 -in /tmp/cert.csr -out /tmp/cert.pem -req -signkey /tmp/key.pem -days 3650 -else - openssl x509 -in /tmp/cert.csr -out /tmp/cert.pem -req -signkey /tmp/key.pem -days 3650 -setstartsecs $SECS -fi -# Show human-readable format -openssl x509 -in /tmp/cert.pem -text -noout -# Remove unused files -rm -f /tmp/cert.csr /tmp/privkey.pem +openssl x509 -in /tmp/cert.csr -out cert.pem -req -signkey key.pem -setstartsecs $SECS -days 3653 -set_serial $1 + +# openssl x509 -in /etc/cert.pem -text -noout + +rm -f /tmp/cert.csr /tmp/privkey.pem openssl.config |