Bonjour,
J'ai bien fais tous les tests que vous m'avez indiquer mais ca ne semble pas fonctionner ;
Voici mon script :
#!/bin/bash
# The information assigned to the environment variables below will be included
# in the certificates generated by this script.
#
# The following environment variables should be assigned to valid values. This
# script will not work with quotes in any of the following environment
# variables.
############################################################################
# EDIT THE FOLLOWING LINES, WHICH CURRENTLY HAVE SAMPLE DEFAULTS.
# CHANGE THE VALUES AFTER THE '=' SYMBOL TO REFLECT YOUR SPECIFIC ENVIRONMENT.
#
#############################################################################
# Specify your country Specify your country [two letters only]
set OP_CERT_COUNTRY=CA
# Specify your state or province
set OP_CERT_STATE=QC
# Specify your city
set OP_CERT_LOCALITY=Trois-Rivieres
# Specify your company's name
set OP_CERT_ORG=UQTR
# This is the expiration for the CA and public certificates created by the CA;
# often will be 10 years or more.
set OP_CERT_CA_DAYS=3650
# This is the expiration for the Capture Manager certificates; might be 1 day,
# 30 days, etc., depending on policy.
set OP_CERT_CERT_DAYS=200
##########################################################
#
# END OF LINES THAT YOU SHOULD EDIT.
#
###########################################################
#Test de l'alimentation des variables
if [[ " $OP_CERT_COUNTRY" ]] || [[ " $OP_CERT_STATE" ]] || [[ " $OP_CERT_LOCALITY " ]] || [[ " $OP_CERT_ORG" ]] || [[ " $OP_CERT_CA_DAYS" ]] || [[ " $OP_CERT_CERT_DAYS" ]] ; then
echo "op_cert: please edit the environment variables at the start of this script file"
exit
#Test de l'option du script
function help()
{
echo "usage: op_cert command"
echo "commands:"
echo "dsaparam: generates DSA parameters"
echo "gencakey: generates the certificate authority's private and public keys"
echo "genmanager: generates the certificates used by the capture manager"
echo "help: displays this text"
echo "Certificate generation requires generating the DSA parameters first"
echo "If the DSA parameter file (dsaparam.pem) already exists, there is no"
echo "need to generate a new DSA parameter file"
exit 1
}
function dsaparam()
{
/usr/local/ssl/bin/openssl dsaparam -outform PEM -out dsaparam.pem 1024
}
function gencakey()
{
echo "===================================================================================================================="
echo "Generating the private and public keys for the certificate authority. This operation only needs to be done once."
echo "Enter the same passphrase three times. This passphrase should be kept secure."
echo "===================================================================================================================="
echo "[ req ]" > openssl.cnf
echo "default_bits = 1024" >> openssl.cnf
echo "default_keyfile = privkey.pem" >> openssl.cnf
echo "distinguished_name = req_distinguished_name" >> openssl.cnf
echo "prompt = no" >> openssl.cnf
echo "[ req_distinguished_name ]" >> openssl.cnf
echo "C = $OP_CERT_COUNTRY" >> openssl.cnf
echo "ST = $OP_CERT_STATE" >> openssl.cnf
echo "L = $OP_CERT_LOCALITY" >> openssl.cnf
echo "O = $OP_CERT_ORG" >> openssl.cnf
echo "CN = CA" >> openssl.cnf
/usr/local/ssl/bin/openssl req -config openssl.cnf -newkey dsa:dsaparam.pem -sha1 -keyout cakey.pem -outform PEM -out careq.pem
/usr/local/ssl/bin/openssl x509 -req -inform PEM -in careq.pem -sha1 -signkey cakey.pem -outform PEM -out ca.pem -days $OP_CERT_CA_DAYS
cp ca.pem cakey.pem casign.pem
rm -f cakey.pem careq.pem
echo "========================================================"
echo "This certificate will expire in $OP_CERT_CA_DAYS days."
echo "========================================================"
function genmanager()
{
echo "==================================================================================================="
echo "Generating the capture manager certificate."
echo "Enter the user's passphrase twice, followed by the certificate authority's passphrase."
echo "The user's passphrase is what he will type into ITGuru when opening the capture manager."
echo "==================================================================================================="
echo "[ req ]" > openssl.cnf
echo "default_bits = 1024" >> openssl.cnf
echo "default_keyfile = privkey.pem" >> openssl.cnf
echo "distinguished_name = req_distinguished_name" >> openssl.cnf
echo "prompt = no" >> openssl.cnf
echo "[ req_distinguished_name ]" >> openssl.cnf
echo "C = $OP_CERT_COUNTRY" >> openssl.cnf
echo "ST = $OP_CERT_STATE" >> openssl.cnf
echo "L = $OP_CERT_LOCALITY" >> openssl.cnf
echo "O = $OP_CERT_ORG" >> openssl.cnf
# Note that CN ("Commmon Name") is chosed to be different to make sure the output cert.pem does not appear to be self-signed.
echo "CN = manager certificate" >> openssl.cnf
/usr/local/ssl/bin/openssl req -config openssl.cnf -newkey dsa:dsaparam.pem -sha1 -keyout managerkey.pem -outform PEM -out managerreq.pem
/usr/local/ssl/bin/openssl x509 -req -inform PEM -in managerreq.pem -sha1 -CA casign.pem -CAkey casign.pem -CAcreateserial -outform PEM -out managercert.pem -days $OP_CERT_CERT_DAYS
cp managercert.pem+managerkey.pem+ca.pem cert.pem
rm managerkey.pem managerreq.pem managercert.pem casign.srl openssl.cnf
echo " ==========================================================="
echo " This certificate will expire in $OP_CERT_CERT_DAYS days."
echo " ============================================================"
}
et voici ce que j'obtiens lorsque je l'execute :
[root@li372 ssl]# ./op_cert.cnf
op_cert: please edit the environment variables at the start of this script file
[root@li372 ssl]#
est ce que mes fonctions ne seraient pas correctes ???
Merci d'avance
Poste le Monday 8 September 2008 16:16:48