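# Create a throw-away root CA for the test suite and register it in the
# system trust store.
#
# Files written:
#   /etc/ssl/private/mycakey.pem                      CA private key (4096 bit)
#   /etc/ssl/ca.info                                  certtool template
#   /usr/local/share/ca-certificates/mycacert.crt     self-signed CA cert
# Returns: status of update-ca-certificates on success, 1 as soon as an
#          earlier step fails (nothing is installed from a half-built CA).
#
# Security: once update-ca-certificates has run, every TLS client on this
# host that uses the system trust store accepts any certificate signed by
# mycakey.pem. The template sets no name or path-length constraints and the
# certificate is valid for ten years, so this belongs only in a disposable
# test environment; the key and the trust-store entry must go away with it.
create_ca() {
  certtool --generate-privkey --bits 4096 \
    --outfile /etc/ssl/private/mycakey.pem || return 1
  # Pin the key to owner-only access explicitly instead of depending on the
  # file mode the tool happens to choose.
  chmod 0600 /etc/ssl/private/mycakey.pem || return 1

  cat <<EOF > /etc/ssl/ca.info || return 1
cn = Example Company
ca
cert_signing_key
expiration_days = 3650
EOF

  certtool --generate-self-signed \
    --load-privkey /etc/ssl/private/mycakey.pem \
    --template /etc/ssl/ca.info \
    --outfile /usr/local/share/ca-certificates/mycacert.crt || return 1

  # Publishes the new certificate into /etc/ssl/certs; create_selfsigned_cert
  # later loads it from there as mycacert.pem.
  update-ca-certificates
}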
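# Issue a one-year TLS server certificate for "localhost" and assemble the
# combined certificate+key PEM file. Despite the name, the certificate is
# not self-signed: it is signed with the CA key written by create_ca.
#
# Arguments: $1 - directory receiving localhost_key.pem, localhost.info,
#                 localhost_cert.pem and localhost.pem (created if missing)
# Outputs:   only what certtool itself prints; key material is never
#            written to stdout
# Returns:   0 on success, 1 as soon as any step fails
#
# Security: localhost_key.pem and localhost.pem both hold the private key.
# They end up mode 0640 with group haproxy, so only the owner and the
# haproxy group can read them.
# NOTE(review): the template names the host only through cn; clients that
# ignore the CN and require a subjectAltName would reject this certificate.
# Consider adding a dns_name entry to the template - confirm with the tests.
create_selfsigned_cert() {
  dir="$1"
  # An empty argument would place the key files directly under "/".
  if [ -z "${dir}" ]; then
    echo "create_selfsigned_cert: target directory argument is required" >&2
    return 1
  fi
  mkdir -p "${dir}" || return 1

  certtool --generate-privkey --bits 2048 \
    --outfile "${dir}/localhost_key.pem" || return 1

  cat <<EOF > "${dir}/localhost.info" || return 1
organization = Example Company
cn = localhost
tls_www_server
encryption_key
signing_key
expiration_days = 365
EOF

  certtool --generate-certificate \
    --load-privkey "${dir}/localhost_key.pem" \
    --load-ca-certificate /etc/ssl/certs/mycacert.pem \
    --load-ca-privkey /etc/ssl/private/mycakey.pem \
    --template "${dir}/localhost.info" \
    --outfile "${dir}/localhost_cert.pem" || return 1

  # Write the bundle with a plain redirect under a restrictive umask: piping
  # it through tee would copy the private key to stdout (and into any log
  # capturing it) and create the file with the default mode until chmod ran.
  (
    umask 077
    cat "${dir}/localhost_cert.pem" "${dir}/localhost_key.pem" \
      > "${dir}/localhost.pem"
  ) || return 1

  chgrp haproxy "${dir}/localhost_key.pem" "${dir}/localhost.pem" || return 1
  chmod 0640 "${dir}/localhost_key.pem" "${dir}/localhost.pem" || return 1
}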
# Fetch a page through haproxy and verify that it is byte-identical to the
# index.html shipped with apache2.
#
# Arguments: $1 - URL that haproxy serves
# Outputs:   an OK or FAIL message on stdout (wget/cmp diagnostics aside)
# Exits:     terminates the calling shell with status 1 on a mismatch
#
# No option disabling certificate checks is passed to wget, so for an https
# URL the download presumably also depends on the server certificate being
# accepted by the system trust store - confirm against the callers.
check_index_file() {
  haproxy_url="$1"
  # cmp reads the single-attempt download from stdin ("-"). Unless the
  # caller enabled pipefail, the pipeline's status is cmp's alone.
  if ! wget -t1 "${haproxy_url}" -O- | cmp /var/www/html/index.html -; then
    echo "FAIL: downloaded index.html via haproxy is different from the"
    echo " file delivered by apache."
    exit 1
  fi
  echo "OK: index.html downloaded via haproxy matches the source file."
}