Commit 6886b5f8 authored by Michael Fürmann's avatar Michael Fürmann
Browse files

closes #4 certificate creation during installation

parent f52de04d
......@@ -1349,6 +1349,30 @@ class installer_base {
$content = str_replace('{server_id}', $conf['server_id'], $content);
wf($full_file_name, $content);
// Create SSL Certificate for localhost
echo "writing new private key to 'localhost.key'\n-----\n";
$ssl_country = $this->free_query('Country Name (2 letter code)', 'AU');
$ssl_locality = $this->free_query('Locality Name (eg, city)', '');
$ssl_organisation = $this->free_query('Organization Name (eg, company)', 'Internet Widgits Pty Ltd');
$ssl_organisation_unit = $this->free_query('Organizational Unit Name (eg, section)', '');
$ssl_domain = $this->free_query('Common Name (e.g. server FQDN or YOUR name)', $conf['hostname']);
$ssl_email = $this->free_query('Email Address', '');
$tpl = new tpl('metronome_conf_ssl.master');
wf('/etc/metronome/certs/localhost.cnf', $tpl->grab());
// Generate new key, csr and cert
exec("(cd /etc/metronome/certs && make localhost.key)");
exec("(cd /etc/metronome/certs && make localhost.csr)");
exec("(cd /etc/metronome/certs && make localhost.cert)");
exec('chmod 0400 /etc/metronome/certs/localhost.key');
exec('chown metronome /etc/metronome/certs/localhost.key');
// Copy init script
caselog('cp -f apps/metronome-init /etc/init.d/metronome', __FILE__, __LINE__);
......@@ -1356,7 +1380,24 @@ class installer_base {
exec($this->getinitcommand('xmpp', 'restart'));
writing new private key to 'smtpd.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
* */
/*// Dont just copy over the virtualhost template but add some custom settings
$tpl = new tpl('apache_apps.vhost.master');
oid_section = new_oids
[ new_oids ]
# RFC 3920 section 5.1.1 defines this OID
xmppAddr =
# RFC 4985 defines this OID
SRVName =
[ req ]
default_bits = 4096
default_keyfile = {tmpl_var name='domain'}.key
distinguished_name = distinguished_name
req_extensions = v3_extensions
x509_extensions = v3_extensions
# ask about the DN?
prompt = no
[ distinguished_name ]
commonName = {tmpl_var name='domain'}
countryName = {tmpl_var name='ssl_country'}
localityName = {tmpl_var name='ssl_locality'}
organizationName = {tmpl_var name='ssl_organisation'}
organizationalUnitName = {tmpl_var name='ssl_organisation_unit'}
emailAddress = {tmpl_var name='ssl_email'}
[ v3_extensions ]
# for certificate requests (req_extensions)
# and self-signed certificates (x509_extensions)
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectAltName = @subject_alternative_name
[ subject_alternative_name ]
# See for more info.
DNS.0 = {tmpl_var name='domain'}
otherName.0 = xmppAddr;FORMAT:UTF8,UTF8:{tmpl_var name='domain'}
otherName.1 = SRVName;IA5STRING:_xmpp-client.{tmpl_var name='domain'}
otherName.2 = SRVName;IA5STRING:_xmpp-server.{tmpl_var name='domain'}
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment