6 NVCN
=`nvram get https_crt_cn`
7 if [ "$NVCN" == "" ]; then
8 NVCN
=`nvram get router_name`
11 cp -L openssl.cnf openssl.config
15 echo "$I.commonName=CN" >> openssl.config
16 echo "$I.commonName_value=$CN" >> openssl.config
20 # create the key and certificate request
21 openssl req
-new -sha256 -out /tmp
/cert.csr
-config openssl.config
-keyout /tmp
/privkey.pem
-newkey rsa
:2048 -passout pass
:password
22 # remove the passphrase from the key
23 openssl rsa
-in /tmp
/privkey.pem
-out key.pem
-passin pass
:password
24 # convert the certificate request into a signed certificate
25 openssl x509
-sha256 -in /tmp
/cert.csr
-out cert.pem
-req -signkey key.pem
-setstartsecs $SECS -days 3653 -set_serial $1
27 # openssl x509 -in /etc/cert.pem -text -noout
29 rm -f /tmp
/cert.csr
/tmp
/privkey.pem openssl.config