k2ll33d

K2LL33D SHELL

Apache/2.4.7 (Ubuntu)
Linux sman1baleendah 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64
uid=33(www-data) gid=33(www-data) groups=33(www-data)
safemode : OFF
MySQL: ON | Perl: ON | cURL: OFF | WGet: ON
> / usr / sbin /

server ip : 172.67.156.115

your ip : 108.162.241.19

H O M E

Filename	/usr/sbin/make-ssl-cert
Size	3.67 kb
Permission	rwxr-xr-x
Owner	root : root
Create time	27-Apr-2025 10:07
Last modified	27-Aug-2013 22:57
Last accessed	05-Jul-2025 15:35
Actions	edit \| rename \| delete \| download (gzip)
View	text \| code \| image

#!/bin/bash -e
# This is a mockup of a script to produce a snakeoil cert
# The aim is to have a debconfisable ssl-certificate script

. /usr/share/debconf/confmodule
db_version 2.0
db_capb backup

ask_via_debconf() {
RET=""
if db_settitle make-ssl-cert/title ; then
: # OK
else
echo Debconf failed with error code $? $RET >&2
echo Maybe your debconf database is corrupt. >&2
echo Try re-installing ssl-cert. >&2
fi

RET=""
while [ "x$RET" = "x" ]; do
db_fset make-ssl-cert/hostname seen false
db_input high make-ssl-cert/hostname || true
db_go
db_get make-ssl-cert/hostname
done

db_get make-ssl-cert/hostname
HostName="$RET"
db_fset make-ssl-cert/hostname seen false

db_fset make-ssl-cert/altname seen false
db_input high make-ssl-cert/altname || true
db_go
db_get make-ssl-cert/altname
AltName="$RET"
db_fset make-ssl-cert/altname seen false
}

make_snakeoil() {
if ! HostName="$(hostname -f)" ; then
HostName="$(hostname)"
echo make-ssl-cert: Could not get FQDN, using \"$HostName\".
echo make-ssl-cert: You may want to fix your /etc/hosts and/or DNS setup and run
echo make-ssl-cert: 'make-ssl-cert generate-default-snakeoil --force-overwrite'
echo make-ssl-cert: again.
fi
if [ ${#HostName} -gt 64 ] ; then
AltName="DNS:$HostName"
HostName="$(hostname)"
fi
}

create_temporary_cnf() {
sed -e s#@HostName@#"$HostName"# $template > $TMPFILE
[ -z "$AltName" ] || echo "subjectAltName=$AltName" >> $TMPFILE
}

# Takes two arguments, the base layout and the output cert.

if [ $# -lt 2 ] && [ "$1" != "generate-default-snakeoil" ]; then
printf "Usage: $0 template output [--force-overwrite]\n";
printf "Usage: $0 generate-default-snakeoil [--force-overwrite]\n";
exit 1;
fi

if [ "$1" != "generate-default-snakeoil" ]; then
template="$1"
output="$2"
# be anal in manual mode.
if [ ! -f $template ]; then
printf "Could not open template file: $template!\n";
exit 1;
fi
if [ -f $output ] && [ "$3" != "--force-overwrite" ]; then
printf "$output file already exists!\n";
exit 1;
fi
ask_via_debconf
else
template="/usr/share/ssl-cert/ssleay.cnf"
if [ -f "/etc/ssl/certs/ssl-cert-snakeoil.pem" ] && [ -f "/etc/ssl/private/ssl-cert-snakeoil.key" ]; then
if [ "$2" != "--force-overwrite" ]; then
exit 0
fi
fi
make_snakeoil
fi

# # should be a less common char
# problem is that openssl virtually accepts everything and we need to
# sacrifice one char.

TMPFILE="$(mktemp)" || exit 1
TMPOUT="$(mktemp)" || exit 1

trap "rm -f $TMPFILE $TMPOUT" EXIT

create_temporary_cnf

# create the certificate.

if [ "$1" != "generate-default-snakeoil" ]; then
if ! openssl req -config $TMPFILE -new -x509 -days 3650 -nodes \
-out $output -keyout $output > $TMPOUT 2>&1
then
echo Could not create certificate. Openssl output was: >&2
cat $TMPOUT >&2
exit 1
fi
chmod 600 $output
# hash symlink
cd $(dirname $output)
ln -sf $(basename $output) $(openssl x509 -hash -noout -in $(basename $output))
else
if ! openssl req -config $TMPFILE -new -x509 -days 3650 -nodes \
-out /etc/ssl/certs/ssl-cert-snakeoil.pem \
-keyout /etc/ssl/private/ssl-cert-snakeoil.key > $TMPOUT 2>&1
then
echo Could not create certificate. Openssl output was: >&2
cat $TMPOUT >&2
exit 1
fi
chmod 644 /etc/ssl/certs/ssl-cert-snakeoil.pem
chmod 640 /etc/ssl/private/ssl-cert-snakeoil.key
chown root:ssl-cert /etc/ssl/private/ssl-cert-snakeoil.key
# hash symlink
cd /etc/ssl/certs/
ln -sf ssl-cert-snakeoil.pem $(openssl x509 -hash -noout -in ssl-cert-snakeoil.pem)
fi