6 NVCN
=`nvram get https_crt_cn`
7 if [ "$NVCN" == "" ]; then
8 NVCN
=`nvram get lan_ipaddr`
11 cp -L openssl.cnf openssl.config
15 echo "$I.commonName=CN" >> openssl.config
16 echo "$I.commonName_value=$CN" >> openssl.config
20 # KDB 2013/05/12 http://support.microsoft.com/kb/2661254 - Windows now requires RSA keys 1024+ length
21 # Previous fixes have included increasing Tomato key to 2048 bits, but this takes 1512 bytes more NVRAM
22 # if key saved between router reboots.
24 # create the key and certificate request
25 openssl req
-new -out /tmp
/cert.csr
-config openssl.config
-keyout /tmp
/privkey.pem
-newkey rsa
:1024 -passout pass
:password
26 # remove the passphrase from the key
27 openssl rsa
-in /tmp
/privkey.pem
-out key.pem
-passin pass
:password
28 # convert the certificate request into a signed certificate
29 openssl x509
-in /tmp
/cert.csr
-out cert.pem
-req -signkey key.pem
-setstartsecs $SECS -days 3653 -set_serial $1
31 # openssl x509 -in /etc/cert.pem -text -noout
33 rm -f /tmp
/cert.csr
/tmp
/privkey.pem openssl.config