[ILUG] auto generating ssl certs
Dave Burke
daveb at esat.net
Mon Jul 26 15:48:10 IST 2004
"John P. Looney" wrote:
>
> Anyone come across software to make up SSL Certs ? Something like a web
>form that collects data, then feeds it to openssl a few times, and ends up
>with a non encrypted private key & a CSR file.
Would something like this do ..... (in php) ...
<snip>
$conffile = "/tmp/$servername.cnf";
$confh = fopen($conffile, "w");
fputs ($confh, "RANDFILE = \$ENV::HOME/.rnd\n\n");
fputs ($confh, "[ req ]\n");
fputs ($confh, "default_bits = 1024\n");
fputs ($confh, "distinguished_name = req_distinguished_name\n");
fputs ($confh, "attributes = req_attributes\n");
fputs ($confh, "prompt = no\n\n");
fputs ($confh, "[ req_distinguished_name ]\n");
fputs ($confh, "C = IE\n");
fputs ($confh, "ST = $state\n");
fputs ($confh, "L = $locality\n");
fputs ($confh, "O = $organisation\n");
fputs ($confh, "OU = $unit\n");
fputs ($confh, "CN = $servername\n");
fputs ($confh, "emailAddress = $serveradmin\n\n");
fputs ($confh, "[ req_attributes ]\n");
fclose ($confh);
$last_key = exec("$openssl genrsa -out /tmp/$servername.key -rand
$egdsocket $keysize", $key_output, $key_return);
$last_csr = exec("$openssl req -config /tmp/$servername.cnf -new -key
/tmp/$servername.key", $csr_output, $csr_return);
$last_crt = exec("$openssl req -config /tmp/$servername.cnf -x509 -new
-key /tmp/$servername.key", $crt_output, $crt_return);
$crt_holder = "";
for ($i = 0; $i < count($crt_output); $i++) {
$crt_holder = $crt_holder . $crt_output[$i] . "\n";
}
print ("Here is the certificate request file.....\n");
print ("<pre>\n");
$csr_holder = "";
for ($i = 0; $i < count($csr_output); $i++) {
print ("$csr_output[$i]\n");
$csr_holder = $csr_holder . $csr_output[$i] . "\n";
}
print ("</pre>\n");
$key_holder = "";
$key_file = fopen("/tmp/$servername.key", "r");
while (!feof($key_file)) {
$key_holder = $key_holder . fgets($key_file, 255);
}
<snip>
More information about the ILUG
mailing list