2012-03-01 02:41:09 +00:00
|
|
|
#!/bin/sh
|
|
|
|
prefix="@prefix@"
|
|
|
|
exec_prefix="@exec_prefix@"
|
|
|
|
sysconfdir="@sysconfdir@"
|
|
|
|
|
2013-11-18 23:49:01 +00:00
|
|
|
echo "Generating private key and CSR... "
|
2013-11-18 23:59:08 +00:00
|
|
|
openssl req -new -newkey rsa:4096 -nodes -sha512 -out "${sysconfdir}"/ssl.csr -keyout "${sysconfdir}"/ssl.key
|
2013-11-18 23:49:01 +00:00
|
|
|
|
|
|
|
echo "Self-signing certificate..."
|
|
|
|
openssl x509 -req -sha512 -days 365 -in "${sysconfdir}"/ssl.csr -signkey "${sysconfdir}"/ssl.key -out "${sysconfdir}"/ssl.pem
|
2012-03-01 02:41:09 +00:00
|
|
|
|
|
|
|
echo "Generating Diffie-Hellman file for secure SSL/TLS negotiation .. "
|
2012-11-19 21:12:30 +00:00
|
|
|
openssl dhparam -out "${sysconfdir}"/dh.pem 2048
|
2012-03-01 02:41:09 +00:00
|
|
|
|
|
|
|
# If sysconfdir is relative to prefix, make the path relative. I.e.,
|
|
|
|
# prefix=/usr and sysconfdir=/etc -> relative_sysconfdir=/etc,
|
|
|
|
# prefix=/home/binki/chary and sysconfdir=/home/binki/chary/etc ->
|
|
|
|
# relative_sysconfdir=etc
|
|
|
|
relative_sysconfdir="${sysconfdir#${prefix%/}/}"
|
|
|
|
relative_sysconfdir="${relative_sysconfdir%/}"
|
|
|
|
|
|
|
|
cat <<EOF
|
|
|
|
|
|
|
|
|
|
|
|
Now change these lines in the IRCd config file:
|
|
|
|
|
|
|
|
ssl_private_key = "${relative_sysconfdir}/ssl.key";
|
2013-11-18 23:49:01 +00:00
|
|
|
ssl_cert = "${relative_sysconfdir}/ssl.pem";
|
2012-03-01 02:41:09 +00:00
|
|
|
ssl_dh_params = "${relative_sysconfdir}/dh.pem";
|
|
|
|
|
2013-11-18 23:49:01 +00:00
|
|
|
If you want to get your certificate signed by a certificate authority,
|
|
|
|
submit the ssl.csr file to your CA, then replace ssl.pem with the
|
|
|
|
certificate returned to you. You may need to include your CA's
|
|
|
|
intermediate certificates in signing order.
|
|
|
|
|
2012-03-01 02:41:09 +00:00
|
|
|
Enjoy using ssl.
|
|
|
|
EOF
|