release/src/router/httpd/gencert.sh

   1 #!/bin/sh
   2 SECS=1262278080
   3
   4 cd /etc
   5
   6 NVCN=`nvram get https_crt_cn`
   7 if [ "$NVCN" == "" ]; then
   8         NVCN=`nvram get lan_ipaddr`
   9 fi
  10
  11 cp -L openssl.cnf openssl.config
  12
  13 I=0
  14 for CN in $NVCN; do
  15         echo "$I.commonName=CN" >> openssl.config
  16         echo "$I.commonName_value=$CN" >> openssl.config
  17         I=$(($I + 1))
  18 done
  19
  20 # KDB 2013/05/12 http://support.microsoft.com/kb/2661254 - Windows now requires RSA keys 1024+ length
  21 # Previous fixes have included increasing Tomato key to 2048 bits, but this takes 1512 bytes more NVRAM
  22 # if key saved between router reboots.
  23
  24 # create the key and certificate request
  25 openssl req -new -out /tmp/cert.csr -config openssl.config -keyout /tmp/privkey.pem -newkey rsa:1024 -passout pass:password
  26 # remove the passphrase from the key
  27 openssl rsa -in /tmp/privkey.pem -out key.pem -passin pass:password
  28 # convert the certificate request into a signed certificate
  29 openssl x509 -in /tmp/cert.csr -out cert.pem -req -signkey key.pem -setstartsecs $SECS -days 3653 -set_serial $1
  30
  31 #       openssl x509 -in /etc/cert.pem -text -noout
  32
  33 rm -f /tmp/cert.csr /tmp/privkey.pem openssl.config