- certwatch: prevent warnings for duplicate certs (#103807)
- make /etc/cron.daily/certwatch 0755 (#141003) - add genkey(1) man page (#134821)
This commit is contained in:
parent
69910b9bfb
commit
dea5e1462d
@ -1 +1,4 @@
|
||||
crypto-rand-1.1.tar.gz
|
||||
genkey.1
|
||||
certwatch.1
|
||||
i386
|
||||
|
@ -1,4 +1,4 @@
|
||||
#!/bin/sh
|
||||
#!/bin/bash
|
||||
#
|
||||
# Issue warning e-mails if SSL certificates expire, using
|
||||
# certwatch(8). Set NOCERTWATCH=yes in /etc/sysconfig/httpd
|
||||
@ -17,8 +17,11 @@ test -x /usr/bin/certwatch || exit 0
|
||||
test -r /etc/httpd/conf/httpd.conf || exit 0
|
||||
test -x /usr/sbin/sendmail || exit 0
|
||||
test -x /etc/httpd/modules/mod_ssl.so || exit 0
|
||||
test -x /bin/sort || exit 0
|
||||
|
||||
certs=`${httpd} -t -DDUMP_CERTS 2>/dev/null`
|
||||
set -o pipefail # pick up exit code of httpd not sort
|
||||
|
||||
certs=`${httpd} -t -DDUMP_CERTS 2>/dev/null | /bin/sort -u`
|
||||
RETVAL=$?
|
||||
test $RETVAL -eq 0 || exit 0
|
||||
|
||||
|
@ -4,12 +4,13 @@
|
||||
Summary: SSL certificate and key management utilities
|
||||
Name: crypto-utils
|
||||
Version: 2.1
|
||||
Release: 4
|
||||
Release: 5
|
||||
Source: crypto-rand-%{crver}.tar.gz
|
||||
Source1: genkey.pl
|
||||
Source2: certwatch.c
|
||||
Source3: certwatch.cron
|
||||
Source4: certwatch.xml
|
||||
Source5: genkey.xml
|
||||
Group: Applications/System
|
||||
License: Various
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
||||
@ -31,7 +32,9 @@ make
|
||||
|
||||
cc $RPM_OPT_FLAGS -Wall -Werror -I/usr/include/openssl -o certwatch \
|
||||
$RPM_SOURCE_DIR/certwatch.c -lcrypto
|
||||
xmlto man $RPM_SOURCE_DIR/certwatch.xml
|
||||
for m in certwatch.xml genkey.xml; do
|
||||
xmlto man $RPM_SOURCE_DIR/$m
|
||||
done
|
||||
|
||||
pushd Makerand
|
||||
perl -pi -e "s/Stronghold/Crypt/g" *
|
||||
@ -75,6 +78,8 @@ install -c -m 755 $RPM_SOURCE_DIR/certwatch.cron \
|
||||
$RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/certwatch
|
||||
install -c -m 644 certwatch.1 \
|
||||
$RPM_BUILD_ROOT%{_mandir}/man1/certwatch.1
|
||||
install -c -m 644 genkey.1 \
|
||||
$RPM_BUILD_ROOT%{_mandir}/man1/genkey.1
|
||||
|
||||
# install genkey
|
||||
sed -e "s|^\$bindir.*$|\$bindir = \"/usr/bin\";|" \
|
||||
@ -91,10 +96,15 @@ sed -e "s|^\$bindir.*$|\$bindir = \"/usr/bin\";|" \
|
||||
%files -f filelist
|
||||
%defattr(0644,root,root,0755)
|
||||
%attr(0755,root,root) %{_bindir}/*
|
||||
%{_sysconfdir}/cron.daily/certwatch
|
||||
%{_mandir}/man1/certwatch.1*
|
||||
%attr(0755,root,root) %{_sysconfdir}/cron.daily/certwatch
|
||||
%{_mandir}/man1/*.1*
|
||||
|
||||
%changelog
|
||||
* Tue Feb 15 2005 Joe Orton <jorton@redhat.com> 2.1-5
|
||||
- certwatch: prevent warnings for duplicate certs (#103807)
|
||||
- make /etc/cron.daily/certwatch 0755 (#141003)
|
||||
- add genkey(1) man page (#134821)
|
||||
|
||||
* Tue Oct 19 2004 Joe Orton <jorton@redhat.com> 2.1-4
|
||||
- make certwatch(1) warning distro-neutral
|
||||
- update to crypto-rand 1.1, fixing #136093
|
||||
|
@ -1,6 +1,6 @@
|
||||
#!%INSTDIR%/bin/perl
|
||||
#
|
||||
# Copyright (c) 2001-2004 Red Hat, Inc. All rights reserved.
|
||||
# Copyright (c) 2001-2005 Red Hat, Inc. All rights reserved.
|
||||
#
|
||||
# This software may be freely redistributed under the terms of the
|
||||
# GNU General Public License.
|
||||
@ -43,7 +43,7 @@ sub InitRoot
|
||||
|
||||
Newt::Cls();
|
||||
Newt::DrawRootText(0, 0,
|
||||
"Red Hat Keypair Generation (c) 2004 Red Hat, Inc.");
|
||||
"Red Hat Keypair Generation (c) 2005 Red Hat, Inc.");
|
||||
|
||||
if ($help == 1) {
|
||||
Newt::PushHelpLine(" <Tab>/<Alt-Tab> between elements |" .
|
||||
|
109
genkey.xml
Normal file
109
genkey.xml
Normal file
@ -0,0 +1,109 @@
|
||||
<?xml version='1.0' encoding='utf-8'?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
|
||||
<refentry>
|
||||
|
||||
<refentryinfo>
|
||||
<productname>crypto-utils</productname>
|
||||
<date>February 2005</date>
|
||||
</refentryinfo>
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>genkey</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>genkey</refname>
|
||||
<refpurpose>generate SSL certificates and certificate requests</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>genkey</command>
|
||||
<arg><option>--test</option></arg>
|
||||
<arg><option>--days <replaceable>count</replaceable></option></arg>
|
||||
<group>
|
||||
<arg><option>--genreq</option></arg>
|
||||
<arg><option>--makeca</option></arg>
|
||||
</group>
|
||||
<arg choice="req"><replaceable>hostname</replaceable></arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>Description</title>
|
||||
|
||||
<para><command>genkey</command> is an interactive command-line
|
||||
tool which can be used to generate SSL certificates or Certificate
|
||||
Signing Requests (CSR). Generated certificates are stored in the
|
||||
directory <filename>/usr/share/ssl/certs/</filename>, and the
|
||||
corresponding private key in
|
||||
<filename>/usr/share/ssl/private/</filename>. </para>
|
||||
|
||||
<para><command>genkey</command> will prompt for the size of key
|
||||
desired; whether or not to generate a CSR; whether or not an
|
||||
encrypted private key is desired; the certificate subject DN
|
||||
details.</para>
|
||||
|
||||
<para><command>genkey</command> generates random data for the
|
||||
private key using the truerand library and also by prompting the
|
||||
user for entry of random text.</para>
|
||||
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>Options</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><option>--makceca</option></term>
|
||||
<listitem><simpara>Generate a Certificate Authority
|
||||
keypair.</simpara></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--genreq</option></term>
|
||||
<listitem><simpara>Generate a Certificate Signing Request for
|
||||
an existing private key, which can be submitted to a CA (for
|
||||
example, for renewal).</simpara></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--days</option> <replaceable>count</replaceable></term>
|
||||
<listitem><simpara>When generating a self-signed certificate,
|
||||
specify that the number of days for which the certificate is
|
||||
valid be <replaceable>count</replaceable> rather than the default
|
||||
value of 30.</simpara></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--test</option></term>
|
||||
<listitem><simpara>For test purposes only; omit the slow
|
||||
process of generating random data.</simpara></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>Examples</title>
|
||||
|
||||
<para>The following example will create a self-signed certificate
|
||||
and private key for the hostname
|
||||
<literal>www.example.com</literal>:
|
||||
|
||||
<programlisting>
|
||||
# genkey --days 120 www.example.com
|
||||
</programlisting>
|
||||
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>Files</title>
|
||||
|
||||
<para><filename>/usr/share/ssl/openssl.cnf</filename></para>
|
||||
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
Loading…
Reference in New Issue
Block a user