
Simplify the creation of self-signed certificates

Bob Mottram 10 years ago
parent
commit
f2c41e77e9
1 changed files with 17 additions and 16 deletions
  1. 17
    16
      beaglebone.txt

+ 17
- 16
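--- a/beaglebone.txt
+++ b/beaglebone.txt
@@ -2629,22 +2629,24 @@ Create a self-signed certificate. The passphrase isn't important and will be rem
 editor /usr/bin/makecert
 #+END_SRC
 
-Enter the following:
+Enter the following, changing the country code and location as needed:
 
 #+BEGIN_SRC: bash
 #!/bin/bash
 
 HOSTNAME=$1
-
-openssl genrsa -des3 -out $HOSTNAME.key 1024
-openssl req -new -x509 -nodes -days 3650 -key $HOSTNAME.key -out $HOSTNAME.crt
-openssl rsa -in $HOSTNAME.key -out $HOSTNAME.new.key
-cp $HOSTNAME.new.key $HOSTNAME.key
-rm $HOSTNAME.new.key
-cp $HOSTNAME.key /etc/ssl/private
+COUNTRY_CODE="GB"
+AREA="Greater Manchester"
+LOCATION="Manchester"
+ORGANISATION="Freedombone"
+
+openssl req \
+  -x509 -nodes -days 3650 \
+  -subj "/O=$ORGANISATION/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
+  -newkey rsa:1024 \
+  -keyout /etc/ssl/private/$HOSTNAME.key \
+  -out /etc/ssl/certs/$HOSTNAME.crt
 chmod 400 /etc/ssl/private/$HOSTNAME.key
-cp $HOSTNAME.crt /etc/ssl/certs
-shred -zu $HOSTNAME.key $HOSTNAME.crt
 /etc/init.d/nginx reload
 #+END_SRC
 
@@ -2655,8 +2657,6 @@ chmod +x /usr/bin/makecert
 makecert $HOSTNAME
 #+END_SRC
 
-Enter some trivial password for the key file, such as "password".  The password will be removed as part of the /makecert/ script which you just created.  Note that leaving a password on the key file would mean that after a power cycle the Apache server will not be able to boot properly (it would wait indefinitely for a password to be manually entered) and would look as if it had crashed.
-
 If all has gone well then there should be no warnings or errors after you run the service restart command.  After that you should enable ports 80 (HTTP) and 443 (HTTPS) on your internet router/firewall, such that they are redirected to the BBB.
 
 Also limit the amount of memory which any php scripts can use.
@@ -7189,6 +7189,7 @@ map $http_upgrade $connection_upgrade {
 server {
     listen 443 ssl;
     server_name mysubsonicdomainname.com;
+    index index.php;
 
     error_log  /var/www/mysubsonicdomainname.com/error.log debug;
 
@@ -7225,11 +7226,11 @@ server {
 
 
 server {
-    listen   80;
-    server_name FQDN;
+    listen 443 ssl;
+    server_name mysubsonicdomainname.com;
     charset utf-8;
 
-    root PATH;
+    root /var/www/mysubsonicdomainname.com/htdocs;
     index index.php;
 
     if ( !-d $request_filename ) {
@@ -7284,7 +7285,7 @@ Save and exit.
 #+BEGIN_SRC: bash
 sed "s/mysubsonicdomainname.com/$HOSTNAME/g" /etc/nginx/sites-available/$HOSTNAME > /tmp/website
 cp -f /tmp/website /etc/nginx/sites-available/$HOSTNAME
-service nginx restart
+/etc/init.d/nginx reload
 #+END_SRC
 
 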
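Review bot: The new `openssl req` call in the makecert script (first hunk) keeps the 1024-bit key size from the removed `genrsa` line; `-newkey rsa:1024` is below the 2048-bit minimum that current guidance expects, so it should be `-newkey rsa:2048` or larger, ideally with an explicit `-sha256` so the signature digest does not depend on the installed OpenSSL's default. `$HOSTNAME` comes straight from `$1` with no check and is expanded unquoted in `-keyout` and `-out`, so an empty or space-containing argument writes to an unintended path under /etc/ssl; a guard such as `[ -n "$1" ] || exit 1` plus quoted paths (`"/etc/ssl/private/$HOSTNAME.key"`) would prevent that. The private key is now created directly in /etc/ssl/private and only tightened by the following `chmod 400`, so, depending on the OpenSSL version, it may briefly carry whatever mode the umask allows; `umask 077` before the openssl call removes that dependency. Separately, the unchanged context line in the last hunk redirects `sed` output to the fixed path `/tmp/website`, presumably as root, where a `mktemp` file would be safer.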