create_ca() { certtool --generate-privkey --bits 4096 --outfile /etc/ssl/private/mycakey.pem cat < /etc/ssl/ca.info cn = Example Company ca cert_signing_key expiration_days = 3650 EOF certtool --generate-self-signed \ --load-privkey /etc/ssl/private/mycakey.pem \ --template /etc/ssl/ca.info \ --outfile /usr/local/share/ca-certificates/mycacert.crt update-ca-certificates } create_selfsigned_cert() { dir="$1" mkdir -p "${dir}" certtool --generate-privkey --bits 2048 --outfile "${dir}/localhost_key.pem" cat < "${dir}/localhost.info" organization = Example Company cn = localhost tls_www_server encryption_key signing_key expiration_days = 365 EOF certtool --generate-certificate \ --load-privkey "${dir}/localhost_key.pem" \ --load-ca-certificate /etc/ssl/certs/mycacert.pem \ --load-ca-privkey /etc/ssl/private/mycakey.pem \ --template "${dir}/localhost.info" \ --outfile "${dir}/localhost_cert.pem" cat "${dir}/localhost_cert.pem" "${dir}/localhost_key.pem" | tee "${dir}/localhost.pem" chgrp haproxy "${dir}/localhost_key.pem" "${dir}/localhost.pem" chmod 0640 "${dir}/localhost_key.pem" "${dir}/localhost.pem" } check_index_file() { haproxy_url="$1" # index.html is shipped with apache2 # Download it via haproxy and compare if wget -t1 "${haproxy_url}" -O- | cmp /var/www/html/index.html -; then echo "OK: index.html downloaded via haproxy matches the source file." else echo "FAIL: downloaded index.html via haproxy is different from the" echo " file delivered by apache." exit 1 fi }