mirror of
https://github.com/ChronosX88/psyced.git
synced 2024-11-09 20:11:00 +00:00
thanks to prosody.im for the certificate generator
This commit is contained in:
parent
c650302885
commit
47fe829aee
@ -955,6 +955,7 @@ _path_configuration = $CONFIG_DIR
|
|||||||
; (absolute or relative to _path_configuration)
|
; (absolute or relative to _path_configuration)
|
||||||
_path_PEM_key = key.pem
|
_path_PEM_key = key.pem
|
||||||
_path_PEM_certificate = cert.pem
|
_path_PEM_certificate = cert.pem
|
||||||
|
; You can run 'make' in the 'utility/gencert' folder to create a pair
|
||||||
|
|
||||||
; Path to the TLS trust directory where certs are kept.
|
; Path to the TLS trust directory where certs are kept.
|
||||||
; If unset this will default to your system installation's defaults.
|
; If unset this will default to your system installation's defaults.
|
||||||
|
32
utility/gencert/Makefile
Normal file
32
utility/gencert/Makefile
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
# taken from prosody.im, originally written by zash. MIT license
|
||||||
|
#
|
||||||
|
.DEFAULT: localhost.cert
|
||||||
|
keysize=2048
|
||||||
|
|
||||||
|
# How to:
|
||||||
|
# First, `make yourhost.cnf` which creates a openssl config file.
|
||||||
|
# Then edit this file and fill in the details you want it to have,
|
||||||
|
# and add or change hosts and components it should cover.
|
||||||
|
# Then `make yourhost.key` to create your private key, you can
|
||||||
|
# include keysize=number to change the size of the key.
|
||||||
|
# Then you can either `make yourhost.csr` to generate a certificate
|
||||||
|
# signing request that you can submit to a CA, or `make yourhost.cert`
|
||||||
|
# to generate a self signed certificate.
|
||||||
|
|
||||||
|
.PRECIOUS: %.cnf %.key
|
||||||
|
|
||||||
|
# To request a cert
|
||||||
|
%.csr: %.cnf %.key
|
||||||
|
openssl req -new -key $(lastword $^) -out $@ -utf8 -config $(firstword $^)
|
||||||
|
|
||||||
|
# Self signed
|
||||||
|
%.cert: %.cnf %.key
|
||||||
|
openssl req -new -x509 -nodes -key $(lastword $^) -days 365 \
|
||||||
|
-sha1 -out $@ -utf8 -config $(firstword $^)
|
||||||
|
|
||||||
|
%.cnf:
|
||||||
|
sed 's,example\.com,$*,g' openssl.cnf > $@
|
||||||
|
|
||||||
|
%.key:
|
||||||
|
openssl genrsa $(keysize) > $@
|
||||||
|
@chmod 400 -c $@
|
53
utility/gencert/openssl.cnf
Normal file
53
utility/gencert/openssl.cnf
Normal file
@ -0,0 +1,53 @@
|
|||||||
|
# based on the prosody certs/openssl.cnf by zash - MIT license
|
||||||
|
#
|
||||||
|
# note: if you have an internationalized domain name, be very careful
|
||||||
|
# about encoding it properly.
|
||||||
|
oid_section = new_oids
|
||||||
|
|
||||||
|
[ new_oids ]
|
||||||
|
|
||||||
|
# RFC 3920 section 5.1.1 defines this OID
|
||||||
|
xmppAddr = 1.3.6.1.5.5.7.8.5
|
||||||
|
|
||||||
|
# RFC 4985 defines this OID
|
||||||
|
SRVName = 1.3.6.1.5.5.7.8.7
|
||||||
|
|
||||||
|
[ req ]
|
||||||
|
|
||||||
|
default_bits = 4096
|
||||||
|
default_keyfile = example.com.key
|
||||||
|
distinguished_name = distinguished_name
|
||||||
|
req_extensions = v3_extensions
|
||||||
|
x509_extensions = v3_extensions
|
||||||
|
string_mask = utf8only
|
||||||
|
|
||||||
|
# ask about the DN?
|
||||||
|
prompt = no
|
||||||
|
|
||||||
|
[ distinguished_name ]
|
||||||
|
|
||||||
|
commonName = example.com
|
||||||
|
countryName = GB
|
||||||
|
localityName = The Internet
|
||||||
|
organizationName = Your Organisation
|
||||||
|
organizationalUnitName = IT Department
|
||||||
|
emailAddress = psycmaster@example.com
|
||||||
|
|
||||||
|
[ v3_extensions ]
|
||||||
|
|
||||||
|
# for certificate requests (req_extensions)
|
||||||
|
# and self-signed certificates (x509_extensions)
|
||||||
|
# note: setting keyUsage does not work for self-signed certs
|
||||||
|
basicConstraints = CA:FALSE
|
||||||
|
keyUsage = digitalSignature,keyEncipherment
|
||||||
|
extendedKeyUsage = serverAuth,clientAuth
|
||||||
|
subjectAltName = @subject_alternative_name
|
||||||
|
|
||||||
|
[ subject_alternative_name ]
|
||||||
|
|
||||||
|
# See http://tools.ietf.org/html/rfc6120#section-13.7.1.2 for more info
|
||||||
|
|
||||||
|
DNS.0 = example.com
|
||||||
|
otherName.0 = SRVName;IA5STRING:_xmpp-client.example.com
|
||||||
|
otherName.1 = SRVName;IA5STRING:_xmpp-server.example.com
|
||||||
|
otherName.2 = SRVName;IA5STRING:_psyc.example.com
|
Loading…
Reference in New Issue
Block a user