
A shell script for creating a self-signed cert.

paan, 25 July 2008

Intro

A self-signed cert is a digital certificate that is created by using a certification authority certificate that you issue yourself. This is useful for backend communications between servers that need the protection of an SSL tunnel but don’t need the ‘assurance’ provided by a recognized and trusted third-party certification authority (and the charges associated with obtaining one).

This is useful in cases where communications between the app server and the data layer (typically an RDBMS) need to be protected with SSL. You just need to create a self-signed cert and have your applications trust your own CA cert. You can then encrypt all your backend communications and only use certs obtained from a trusted CA such as Verisign where you want customer confidence. And if your custom application needs access to web services, you can make the application trust your own CA cert. There are many other things you can do that don’t require a commercial SSL cert.

Approach

The people at Riseup Lab have already made a great guide on self-signed certs. I have followed the steps outlined there and created a shell script that creates the self-signed cert without having to do the work manually.

Basically, I took all the steps outlined in the guide, put them in a shell script, externalized the parameters to make it a little configurable, and tested it a bit. I use the term “tested” loosely here, since all I did was try it in different directories and with some differences in the settings. It has some basic error checking, but for the most part it’s not very robust and still expects you to put in the correct values for it to work.

Running it

createSelfSignedCert.sh

Just download it above and run the supplied shell script, and it will generate everything that you need to create the self-signed cert. If for whatever reason you want to reset everything, cleaning up the database of old certs and creating a new CA cert, just run the script with an extra “fromscratch” parameter; this will clean everything and start from scratch.

./createSelfSignedCert.sh fromscratch
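The workflow described above (create your own CA, sign a server cert with it, and optionally wipe everything with “fromscratch”) looks roughly like this. This is an added example, not the author's createSelfSignedCert.sh: it uses `openssl x509 -req` rather than a cert database, and the file names, subject names, key sizes and lifetimes are assumptions.

```shell
#!/bin/sh
# Added example, not the article's script; names and lifetimes are assumptions.
set -eu
umask 077   # private keys must not be group/world readable

# make_ca DIR [fromscratch]: reuse DIR's CA unless "fromscratch" is given.
make_ca() {
    dir=$1
    mkdir -p "$dir"
    if [ "${2:-}" = "fromscratch" ]; then
        rm -f "$dir"/*.key "$dir"/*.crt "$dir"/*.csr "$dir"/*.srl "$dir"/*.ext
    fi
    if [ -f "$dir/ca.key" ] && [ -f "$dir/ca.crt" ]; then return 0; fi
    cat > "$dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Internal CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$dir/req.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
}

# issue_cert DIR HOST: new key and CSR for HOST, signed by the CA in DIR.
issue_cert() {
    dir=$1 host=$2
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$host" \
        -config "$dir/req.cnf" -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$host" > "$dir/$host.ext"
    openssl x509 -req -in "$dir/$host.csr" -sha256 -days 365 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/$host.ext" -out "$dir/$host.crt" 2>/dev/null
}

# ca_fingerprint DIR: SHA-256 fingerprint of the CA cert, to compare on clients.
ca_fingerprint() { openssl x509 -in "$1/ca.crt" -noout -fingerprint -sha256; }

# verify_cert DIR HOST: succeeds only if HOST's cert chains to the CA in DIR.
verify_cert() { openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1; }

# Direct use: sh script.sh DIR HOST [fromscratch]
if [ $# -ge 2 ]; then
    make_ca "$1" "${3:-}"; issue_cert "$1" "$2"; verify_cert "$1" "$2"; ca_fingerprint "$1"
fi
```

Only `ca.crt` is distributed to the applications that must trust the CA; `ca.key` stays on the machine that issues certs. After a “fromscratch” run the CA key changes, so every client has to be given the new `ca.crt` and every server cert has to be reissued.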

Your thoughts

I would very much like to hear what you have to say about this script and how it can be improved. Please leave a comment if you happen to try it out.


One Comment »

  1. The media uploader sort of uncapitalized my file as well as renamed it slightly, so just rename it back if you want or just leave it as is.

