From 614e3bb1efb1cef13261cdb24f460ec39b2e1927 Mon Sep 17 00:00:00 2001
From: rht
Date: Sat, 1 Jul 2017 13:17:51 +0200
Subject: [PATCH] scripts: Add script to autogenerate a self-signed SSL cert. This will simplify step 1 of prod-install instruction to reduce suffering in testing/experimenting production environments. Attribution: the scripts/setup/configure-certs is based on @galexrt's https://github.com/zulip/zulip/pull/450/commits/5c0daf62114b8ae7bd16f317a1883fd5f421d906 Further tweaked by tabbott to rename the script and edit the messages.
---
scripts/setup/generate-self-signed-certs | 30 ++++++++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100755 scripts/setup/generate-self-signed-certs
diff --git a/scripts/setup/generate-self-signed-certs b/scripts/setup/generate-self-signed-certs
new file mode 100755
index 0000000000..f463997dd3
--- /dev/null
+++ b/scripts/setup/generate-self-signed-certs
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+set -e
+if [ "$EUID" -ne 0 ]; then
+ echo "Error: This script must be run as root" >&2
+ exit 1
+fi
+
+if [ -z "${1:-}" ]; then
+ echo "Usage: $0 " >&2
+ exit 1
+fi
+
+SERVER_NAME="$1"
+
+echo "Executing certificates configuration..."
+if [ ! -e /etc/ssl/private/zulip.key ] && [ ! -e /etc/ssl/certs/zulip.combined-chain.crt ]; then
+ echo "SSL certificates for Zulip not found in /etc/ssl/."
+ echo "Autogenerating certificates ..."
+ apt-get install -y openssl
+ openssl genrsa -des3 -passout pass:x -out /tmp/server.pass.key 4096
+ openssl rsa -passin pass:x -in /tmp/server.pass.key -out /etc/ssl/private/zulip.key
+ openssl req -new -nodes -subj "/O=$SERVER_NAME" -key /etc/ssl/private/zulip.key -out /tmp/server.csr
+ openssl x509 -req -days 365 -in /tmp/server.csr -signkey /etc/ssl/private/zulip.key -out /etc/ssl/certs/zulip.combined-chain.crt
+ rm -f /tmp/server.csr /tmp/server.pass.key
+ echo "Generated new self-signed SSL certificates for Zulip."
+else
+ echo "SSL certificates for Zulip already exist in /etc/ssl/. Skipping."
+fi
+echo "SSL certificate configuration succeeded."
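Review bot: The generation steps write private-key material and the CSR to fixed names in /tmp (`/tmp/server.pass.key`, `/tmp/server.csr`) while running as root, so a local user who pre-creates those paths can influence where root writes, and under `set -e` a failing openssl step exits before the `rm -f` and leaves the files behind. The `-des3 -passout pass:x` round trip adds nothing because the passphrase is stripped on the very next line; both temp files can be avoided with `openssl genrsa -out /etc/ssl/private/zulip.key 4096` followed by `openssl req -new -x509 -days 365 -subj "/O=$SERVER_NAME" -key /etc/ssl/private/zulip.key -out /etc/ssl/certs/zulip.combined-chain.crt`. The mode of zulip.key is left to the umask and the OpenSSL version in use, so an explicit `chmod 600 /etc/ssl/private/zulip.key` after generation is worth adding. Separately, the `&&` in the existence test means that when only one of the two files is present the script prints "already exist" and "succeeded" without a usable key/certificate pair; that half-configured case should be reported as an error instead.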