- certwatch: prevent warnings for duplicate certs (#103807)
- make /etc/cron.daily/certwatch 0755 (#141003) - add genkey(1) man page (#134821)
parent
69910b9bfb
commit
dea5e1462d
|
@ -1 +1,4 @@
|
||||||
crypto-rand-1.1.tar.gz
|
crypto-rand-1.1.tar.gz
|
||||||
|
genkey.1
|
||||||
|
certwatch.1
|
||||||
|
i386
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
#!/bin/sh
|
#!/bin/bash
|
||||||
#
|
#
|
||||||
# Issue warning e-mails if SSL certificates expire, using
|
# Issue warning e-mails if SSL certificates expire, using
|
||||||
# certwatch(8). Set NOCERTWATCH=yes in /etc/sysconfig/httpd
|
# certwatch(8). Set NOCERTWATCH=yes in /etc/sysconfig/httpd
|
||||||
|
@ -17,8 +17,11 @@ test -x /usr/bin/certwatch || exit 0
|
||||||
test -r /etc/httpd/conf/httpd.conf || exit 0
|
test -r /etc/httpd/conf/httpd.conf || exit 0
|
||||||
test -x /usr/sbin/sendmail || exit 0
|
test -x /usr/sbin/sendmail || exit 0
|
||||||
test -x /etc/httpd/modules/mod_ssl.so || exit 0
|
test -x /etc/httpd/modules/mod_ssl.so || exit 0
|
||||||
|
test -x /bin/sort || exit 0
|
||||||
|
|
||||||
certs=`${httpd} -t -DDUMP_CERTS 2>/dev/null`
|
set -o pipefail # pick up exit code of httpd not sort
|
||||||
|
|
||||||
|
certs=`${httpd} -t -DDUMP_CERTS 2>/dev/null | /bin/sort -u`
|
||||||
RETVAL=$?
|
RETVAL=$?
|
||||||
test $RETVAL -eq 0 || exit 0
|
test $RETVAL -eq 0 || exit 0
|
||||||
|
|
||||||
|
|
|
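Review bot: The `/bin/sort -u` added to the `certs=` pipeline runs in whatever locale cron provides, and with `-u` GNU sort treats lines that merely collate as equal as duplicates, so two distinct certificate paths could in principle be merged and one certificate never checked. Pinning the locale on that stage, `| LC_ALL=C /bin/sort -u`, makes the de-duplication byte-exact. Separately, `set -o pipefail` stays enabled for the remainder of the script, which lies outside this hunk, so the comment would be more accurate as `# pick up exit code of httpd not sort; stays on for the rest of the script`. With pipefail on, a failing sort also takes the silent `test $RETVAL -eq 0 || exit 0` path, so no expiry mail is sent and nothing is logged.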
@ -4,12 +4,13 @@
|
||||||
Summary: SSL certificate and key management utilities
|
Summary: SSL certificate and key management utilities
|
||||||
Name: crypto-utils
|
Name: crypto-utils
|
||||||
Version: 2.1
|
Version: 2.1
|
||||||
Release: 4
|
Release: 5
|
||||||
Source: crypto-rand-%{crver}.tar.gz
|
Source: crypto-rand-%{crver}.tar.gz
|
||||||
Source1: genkey.pl
|
Source1: genkey.pl
|
||||||
Source2: certwatch.c
|
Source2: certwatch.c
|
||||||
Source3: certwatch.cron
|
Source3: certwatch.cron
|
||||||
Source4: certwatch.xml
|
Source4: certwatch.xml
|
||||||
|
Source5: genkey.xml
|
||||||
Group: Applications/System
|
Group: Applications/System
|
||||||
License: Various
|
License: Various
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
||||||
|
@ -31,7 +32,9 @@ make
|
||||||
|
|
||||||
cc $RPM_OPT_FLAGS -Wall -Werror -I/usr/include/openssl -o certwatch \
|
cc $RPM_OPT_FLAGS -Wall -Werror -I/usr/include/openssl -o certwatch \
|
||||||
$RPM_SOURCE_DIR/certwatch.c -lcrypto
|
$RPM_SOURCE_DIR/certwatch.c -lcrypto
|
||||||
xmlto man $RPM_SOURCE_DIR/certwatch.xml
|
for m in certwatch.xml genkey.xml; do
|
||||||
|
xmlto man $RPM_SOURCE_DIR/$m
|
||||||
|
done
|
||||||
|
|
||||||
pushd Makerand
|
pushd Makerand
|
||||||
perl -pi -e "s/Stronghold/Crypt/g" *
|
perl -pi -e "s/Stronghold/Crypt/g" *
|
||||||
|
@ -75,6 +78,8 @@ install -c -m 755 $RPM_SOURCE_DIR/certwatch.cron \
|
||||||
$RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/certwatch
|
$RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/certwatch
|
||||||
install -c -m 644 certwatch.1 \
|
install -c -m 644 certwatch.1 \
|
||||||
$RPM_BUILD_ROOT%{_mandir}/man1/certwatch.1
|
$RPM_BUILD_ROOT%{_mandir}/man1/certwatch.1
|
||||||
|
install -c -m 644 genkey.1 \
|
||||||
|
$RPM_BUILD_ROOT%{_mandir}/man1/genkey.1
|
||||||
|
|
||||||
# install genkey
|
# install genkey
|
||||||
sed -e "s|^\$bindir.*$|\$bindir = \"/usr/bin\";|" \
|
sed -e "s|^\$bindir.*$|\$bindir = \"/usr/bin\";|" \
|
||||||
|
@ -91,10 +96,15 @@ sed -e "s|^\$bindir.*$|\$bindir = \"/usr/bin\";|" \
|
||||||
%files -f filelist
|
%files -f filelist
|
||||||
%defattr(0644,root,root,0755)
|
%defattr(0644,root,root,0755)
|
||||||
%attr(0755,root,root) %{_bindir}/*
|
%attr(0755,root,root) %{_bindir}/*
|
||||||
%{_sysconfdir}/cron.daily/certwatch
|
%attr(0755,root,root) %{_sysconfdir}/cron.daily/certwatch
|
||||||
%{_mandir}/man1/certwatch.1*
|
%{_mandir}/man1/*.1*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Feb 15 2005 Joe Orton <jorton@redhat.com> 2.1-5
|
||||||
|
- certwatch: prevent warnings for duplicate certs (#103807)
|
||||||
|
- make /etc/cron.daily/certwatch 0755 (#141003)
|
||||||
|
- add genkey(1) man page (#134821)
|
||||||
|
|
||||||
* Tue Oct 19 2004 Joe Orton <jorton@redhat.com> 2.1-4
|
* Tue Oct 19 2004 Joe Orton <jorton@redhat.com> 2.1-4
|
||||||
- make certwatch(1) warning distro-neutral
|
- make certwatch(1) warning distro-neutral
|
||||||
- update to crypto-rand 1.1, fixing #136093
|
- update to crypto-rand 1.1, fixing #136093
|
||||||
|
|
|
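Review bot: The `%files` entry `%{_mandir}/man1/*.1*` packages every section-1 page that ends up in the build root, not only the two this spec installs, so a page dropped there by another build step would ship unnoticed. Listing them explicitly, `%{_mandir}/man1/certwatch.1*` and `%{_mandir}/man1/genkey.1*`, keeps the package payload auditable. In the build loop, the unquoted `xmlto man $RPM_SOURCE_DIR/$m` would be more robust as `xmlto man "$RPM_SOURCE_DIR/$m"`.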
@ -1,6 +1,6 @@
|
||||||
#!%INSTDIR%/bin/perl
|
#!%INSTDIR%/bin/perl
|
||||||
#
|
#
|
||||||
# Copyright (c) 2001-2004 Red Hat, Inc. All rights reserved.
|
# Copyright (c) 2001-2005 Red Hat, Inc. All rights reserved.
|
||||||
#
|
#
|
||||||
# This software may be freely redistributed under the terms of the
|
# This software may be freely redistributed under the terms of the
|
||||||
# GNU General Public License.
|
# GNU General Public License.
|
||||||
|
@ -43,7 +43,7 @@ sub InitRoot
|
||||||
|
|
||||||
Newt::Cls();
|
Newt::Cls();
|
||||||
Newt::DrawRootText(0, 0,
|
Newt::DrawRootText(0, 0,
|
||||||
"Red Hat Keypair Generation (c) 2004 Red Hat, Inc.");
|
"Red Hat Keypair Generation (c) 2005 Red Hat, Inc.");
|
||||||
|
|
||||||
if ($help == 1) {
|
if ($help == 1) {
|
||||||
Newt::PushHelpLine(" <Tab>/<Alt-Tab> between elements |" .
|
Newt::PushHelpLine(" <Tab>/<Alt-Tab> between elements |" .
|
||||||
|
|
|
@ -0,0 +1,109 @@
|
||||||
|
<?xml version='1.0' encoding='utf-8'?>
|
||||||
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
||||||
|
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
|
||||||
|
<refentry>
|
||||||
|
|
||||||
|
<refentryinfo>
|
||||||
|
<productname>crypto-utils</productname>
|
||||||
|
<date>February 2005</date>
|
||||||
|
</refentryinfo>
|
||||||
|
|
||||||
|
<refmeta>
|
||||||
|
<refentrytitle>genkey</refentrytitle>
|
||||||
|
<manvolnum>1</manvolnum>
|
||||||
|
</refmeta>
|
||||||
|
|
||||||
|
<refnamediv>
|
||||||
|
<refname>genkey</refname>
|
||||||
|
<refpurpose>generate SSL certificates and certificate requests</refpurpose>
|
||||||
|
</refnamediv>
|
||||||
|
|
||||||
|
<refsynopsisdiv>
|
||||||
|
<cmdsynopsis>
|
||||||
|
<command>genkey</command>
|
||||||
|
<arg><option>--test</option></arg>
|
||||||
|
<arg><option>--days <replaceable>count</replaceable></option></arg>
|
||||||
|
<group>
|
||||||
|
<arg><option>--genreq</option></arg>
|
||||||
|
<arg><option>--makeca</option></arg>
|
||||||
|
</group>
|
||||||
|
<arg choice="req"><replaceable>hostname</replaceable></arg>
|
||||||
|
</cmdsynopsis>
|
||||||
|
</refsynopsisdiv>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Description</title>
|
||||||
|
|
||||||
|
<para><command>genkey</command> is an interactive command-line
|
||||||
|
tool which can be used to generate SSL certificates or Certificate
|
||||||
|
Signing Requests (CSR). Generated certificates are stored in the
|
||||||
|
directory <filename>/usr/share/ssl/certs/</filename>, and the
|
||||||
|
corresponding private key in
|
||||||
|
<filename>/usr/share/ssl/private/</filename>. </para>
|
||||||
|
|
||||||
|
<para><command>genkey</command> will prompt for the size of key
|
||||||
|
desired; whether or not to generate a CSR; whether or not an
|
||||||
|
encrypted private key is desired; the certificate subject DN
|
||||||
|
details.</para>
|
||||||
|
|
||||||
|
<para><command>genkey</command> generates random data for the
|
||||||
|
private key using the truerand library and also by prompting the
|
||||||
|
user for entry of random text.</para>
|
||||||
|
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Options</title>
|
||||||
|
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--makceca</option></term>
|
||||||
|
<listitem><simpara>Generate a Certificate Authority
|
||||||
|
keypair.</simpara></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--genreq</option></term>
|
||||||
|
<listitem><simpara>Generate a Certificate Signing Request for
|
||||||
|
an existing private key, which can be submitted to a CA (for
|
||||||
|
example, for renewal).</simpara></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--days</option> <replaceable>count</replaceable></term>
|
||||||
|
<listitem><simpara>When generating a self-signed certificate,
|
||||||
|
specify that the number of days for which the certificate is
|
||||||
|
valid be <replaceable>count</replaceable> rather than the default
|
||||||
|
value of 30.</simpara></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--test</option></term>
|
||||||
|
<listitem><simpara>For test purposes only; omit the slow
|
||||||
|
process of generating random data.</simpara></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Examples</title>
|
||||||
|
|
||||||
|
<para>The following example will create a self-signed certificate
|
||||||
|
and private key for the hostname
|
||||||
|
<literal>www.example.com</literal>:
|
||||||
|
|
||||||
|
<programlisting>
|
||||||
|
# genkey --days 120 www.example.com
|
||||||
|
</programlisting>
|
||||||
|
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Files</title>
|
||||||
|
|
||||||
|
<para><filename>/usr/share/ssl/openssl.cnf</filename></para>
|
||||||
|
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
</refentry>
|
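Review bot: The Options list documents the CA option as `<option>--makceca</option>`, while the synopsis above spells it `--makeca`; the term should read `<term><option>--makeca</option></term>`, otherwise the man page names an option that, going by the synopsis, does not exist. The `--test` entry says only that it omits the slow generation of random data; since that presumably leaves the key without the entropy described in the Description section, the entry should add a sentence such as `Keys generated with this option must not be used on a production server.` The Files section lists only `openssl.cnf`, although the Description names the certificate and private-key directories, which could be listed there too.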