free
/
freedombone
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Simplify the creation of self-signed certificates

Bob Mottram 10 years ago
parent
6a7d4b2568
commit
f2c41e77e9
1 changed files with 17 additions and 16 deletions
Split View Show Diff Stats
  1. 17
    16
      beaglebone.txt

+ 17
- 16
beaglebone.txt View File 

@@ -2629,22 +2629,24 @@ Create a self-signed certificate. The passphrase isn't important and will be rem
2629 2629 
 editor /usr/bin/makecert
2630 2630 
 #+END_SRC
2631 2631
2632 
-Enter the following:
2632 
+Enter the following, changing the country code and location as needed:
2633 2633
2634 2634 
 #+BEGIN_SRC: bash
2635 2635 
 #!/bin/bash
2636 2636
2637 2637 
 HOSTNAME=$1
2638 
-
2639 
-openssl genrsa -des3 -out $HOSTNAME.key 1024
2640 
-openssl req -new -x509 -nodes -days 3650 -key $HOSTNAME.key -out $HOSTNAME.crt
2641 
-openssl rsa -in $HOSTNAME.key -out $HOSTNAME.new.key
2642 
-cp $HOSTNAME.new.key $HOSTNAME.key
2643 
-rm $HOSTNAME.new.key
2644 
-cp $HOSTNAME.key /etc/ssl/private
2638 
+COUNTRY_CODE="GB"
2639 
+AREA="Greater Manchester"
2640 
+LOCATION="Manchester"
2641 
+ORGANISATION="Freedombone"
2642 
+
2643 
+openssl req \
2644 
+  -x509 -nodes -days 3650 \
2645 
+  -subj "/O=$ORGANISATION/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
2646 
+  -newkey rsa:1024 \
2647 
+  -keyout /etc/ssl/private/$HOSTNAME.key \
2648 
+  -out /etc/ssl/certs/$HOSTNAME.crt
2645 2649 
 chmod 400 /etc/ssl/private/$HOSTNAME.key
2646 
-cp $HOSTNAME.crt /etc/ssl/certs
2647 
-shred -zu $HOSTNAME.key $HOSTNAME.crt
2648 2650 
 /etc/init.d/nginx reload
2649 2651 
 #+END_SRC
2650 2652 
 
@@ -2655,8 +2657,6 @@ chmod +x /usr/bin/makecert
2655 2657 
 makecert $HOSTNAME
2656 2658 
 #+END_SRC
2657 2659
2658 
-Enter some trivial password for the key file, such as "password".  The password will be removed as part of the /makecert/ script which you just created.  Note that leaving a password on the key file would mean that after a power cycle the Apache server will not be able to boot properly (it would wait indefinitely for a password to be manually entered) and would look as if it had crashed.
2659 
-
2660 2660 
 If all has gone well then there should be no warnings or errors after you run the service restart command.  After that you should enable ports 80 (HTTP) and 443 (HTTPS) on your internet router/firewall, such that they are redirected to the BBB.
2661 2661
2662 2662 
 Also limit the amount of memory which any php scripts can use.
 
@@ -7189,6 +7189,7 @@ map $http_upgrade $connection_upgrade {
7189 7189 
 server {
7190 7190 
     listen 443 ssl;
7191 7191 
     server_name mysubsonicdomainname.com;
7192 
+    index index.php;
7192 7193
7193 7194 
     error_log  /var/www/mysubsonicdomainname.com/error.log debug;
7194 7195 
 
@@ -7225,11 +7226,11 @@ server {
7225 7226
7226 7227
7227 7228 
 server {
7228 
-    listen   80;
7229 
-    server_name FQDN;
7229 
+    listen 443 ssl;
7230 
+    server_name mysubsonicdomainname.com;
7230 7231 
     charset utf-8;
7231 7232
7232 
-    root PATH;
7233 
+    root /var/www/mysubsonicdomainname.com/htdocs;
7233 7234 
     index index.php;
7234 7235
7235 7236 
     if ( !-d $request_filename ) {
 
@@ -7284,7 +7285,7 @@ Save and exit.
7284 7285 
 #+BEGIN_SRC: bash
7285 7286 
 sed "s/mysubsonicdomainname.com/$HOSTNAME/g" /etc/nginx/sites-available/$HOSTNAME > /tmp/website
7286 7287 
 cp -f /tmp/website /etc/nginx/sites-available/$HOSTNAME
7287 
-service nginx restart
7288 
+/etc/init.d/nginx reload
7288 7289 
 #+END_SRC
7289 7290
7290 7291