projects / solanum.git / blame
| Commit | Line | Data |
|---|---|---|
| c74836dc NPB |
1 | #!/bin/sh |
| 2 | prefix="@prefix@" | |
| 3 | exec_prefix="@exec_prefix@" | |
| 4 | sysconfdir="@sysconfdir@" | |
| 5 | ||
| b858bc54 | 6 | echo "Generating private key and CSR... " |
| 3c55c3a3 | 7 | openssl req -new -newkey rsa:4096 -nodes -sha512 -out "${sysconfdir}"/ssl.csr -keyout "${sysconfdir}"/ssl.key |
| b858bc54 PG |
8 | |
| 9 | echo "Self-signing certificate..." | |
| 10 | openssl x509 -req -sha512 -days 365 -in "${sysconfdir}"/ssl.csr -signkey "${sysconfdir}"/ssl.key -out "${sysconfdir}"/ssl.pem | |
| c74836dc NPB |
11 | |
| 12 | echo "Generating Diffie-Hellman file for secure SSL/TLS negotiation .. " | |
| 5fd2dd95 | 13 | openssl dhparam -out "${sysconfdir}"/dh.pem 2048 |
| c74836dc NPB |
14 | |
| 15 | # If sysconfdir is relative to prefix, make the path relative. I.e., | |
| 16 | # prefix=/usr and sysconfdir=/etc -> relative_sysconfdir=/etc, | |
| 17 | # prefix=/home/binki/chary and sysconfdir=/home/binki/chary/etc -> | |
| 18 | # relative_sysconfdir=etc | |
| 19 | relative_sysconfdir="${sysconfdir#${prefix%/}/}" | |
| 20 | relative_sysconfdir="${relative_sysconfdir%/}" | |
| 21 | ||
| 22 | cat <<EOF | |
| 23 | ||
| 24 | ||
| 25 | Now change these lines in the IRCd config file: | |
| 26 | ||
| 27 | ssl_private_key = "${relative_sysconfdir}/ssl.key"; | |
| b858bc54 | 28 | ssl_cert = "${relative_sysconfdir}/ssl.pem"; |
| c74836dc NPB |
29 | ssl_dh_params = "${relative_sysconfdir}/dh.pem"; |
| 30 | ||
| b858bc54 PG |
31 | If you want to get your certificate signed by a certificate authority, |
| 32 | submit the ssl.csr file to your CA, then replace ssl.pem with the | |
| 33 | certificate returned to you. You may need to include your CA's | |
| 34 | intermediate certificates in signing order. | |
| 35 | ||
| c74836dc NPB |
36 | Enjoy using ssl. |
| 37 | EOF |