diff --git a/src/Model/ssl/gen_ssl.sh b/src/Model/ssl/gen_ssl.sh
index 1a931b0c..17a4e644 100644
--- a/src/Model/ssl/gen_ssl.sh
+++ b/src/Model/ssl/gen_ssl.sh
@@ -25,17 +25,26 @@ install_file() {
 chown $_own $_filepath
 }
+# This is a workaround in the absence of faketime
+origdate=$(date "+%Y%m%d%H%M")
+
+# -startdate is 2 years from now
+date "$(($(date "+%Y")-2))$(date "+%m%d%H%M")"
+
+# -enddate is 10 years from startdate (8 years from now)
+days=3650
+
 # httpd
 cd httpd
 openssl genrsa -out ca.key 2048
-openssl req -new -nodes -x509 -sha256 -out ca.crt -key ca.key -extensions v3_ca -set_serial $SET_SERIAL -days 365 \
+openssl req -new -nodes -x509 -sha256 -out ca.crt -key ca.key -extensions v3_ca -set_serial $SET_SERIAL -days $days \
 -config httpd_ca.cnf \
 -subj "/C=TR/ST=Antalya/L=Serik/O=ComixWall/OU=UTMFW/CN=example.org/emailAddress=sonertari@gmail.com"
 openssl req -new -nodes -sha256 -keyout server.key -out server.csr \
 -config httpd.cnf \
 -subj "/C=TR/ST=Antalya/L=Serik/O=ComixWall/OU=UTMFW/CN=example.org/emailAddress=sonertari@gmail.com"
-openssl x509 -req -CA ca.crt -CAkey ca.key -in server.csr -out server.crt -extensions server -set_serial $SET_SERIAL -days 365
+openssl x509 -req -CA ca.crt -CAkey ca.key -in server.csr -out server.crt -extensions server -set_serial $SET_SERIAL -days $days
 cd ..
 install_file "server.crt" "httpd" "$PREFIX/ssl" "644" "root:bin"
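Review bot: The added `date "$(($(date "+%Y")-2))$(date "+%m%d%H%M")"` rewinds the system clock by two years for the whole run, and the only restore is the `date $origdate` at the end of the sslproxy hunk, so a failure or interrupt in between leaves the host two years in the past, which affects certificate validation, log timestamps and everything else on the machine that depends on time. The restore also writes back the minute captured at the start, so the seconds and the script's own runtime are lost. At minimum register the restore right after capturing the time, `trap 'date "$origdate"' EXIT INT TERM`, and correct the comment to `# -startdate is 2 years before now`. Setting the validity window at signing time (`openssl ca` accepts `-startdate`/`-enddate`) would avoid touching the clock at all. On 29 February the computed date does not exist, so the `date` call would presumably fail and the certificates would silently not be backdated.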
@@ -57,10 +66,13 @@ install_file "server.key" "openvpn" "$PREFIX/openvpn" "400" "root:wheel"
 # sslproxy
 cd sslproxy
 openssl genrsa -out ca.key 2048
-openssl req -new -nodes -x509 -sha256 -out ca.crt -key ca.key -extensions v3_ca -set_serial $SET_SERIAL -days 365 \
+openssl req -new -nodes -x509 -sha256 -out ca.crt -key ca.key -extensions v3_ca -set_serial $SET_SERIAL -days $days \
 -config sslproxy.cnf \
 -subj "/C=TR/ST=Antalya/L=Serik/O=ComixWall/OU=SSLproxy/CN=example.org/emailAddress=sonertari@gmail.com"
 cd ..
 install_file "ca.crt" "sslproxy" "$PREFIX/sslproxy" "644" "root:bin"
 install_file "ca.key" "sslproxy" "$PREFIX/sslproxy" "644" "root:bin"
+
+# restore orig date
+date $origdate
diff --git a/src/Model/ssl/openvpn/gen-sample-keys.sh b/src/Model/ssl/openvpn/gen-sample-keys.sh
index 8167522c..3b42cce8 100755
--- a/src/Model/ssl/openvpn/gen-sample-keys.sh
+++ b/src/Model/ssl/openvpn/gen-sample-keys.sh
@@ -24,8 +24,11 @@ touch sample-ca/index.txt
 # (?) Ideally, check the serial in the last crt and increment
 echo "01" > sample-ca/serial
+# -enddate is 10 years from startdate
+days=3650
+
 # Generate CA key and cert
-openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 \
+openssl req -new -newkey rsa:2048 -days $days -nodes -x509 \
 -extensions easyrsa_ca -keyout sample-ca/ca.key -out sample-ca/ca.crt \
 -subj "/C=TR/ST=Antalya/L=Serik/O=ComixWall/OU=OpenVPN/CN=example.org/emailAddress=sonertari@gmail.com" \
 -config openssl.cnf
@@ -47,4 +50,3 @@ openssl ca -batch -config openssl.cnf \
 # Copy keys and certs to working directory
 cp sample-ca/*.key .
 cp sample-ca/*.crt .
-
diff --git a/src/Model/ssl/openvpn/openssl.cnf b/src/Model/ssl/openvpn/openssl.cnf
index 83bb171d..c6650283 100644
--- a/src/Model/ssl/openvpn/openssl.cnf
+++ b/src/Model/ssl/openvpn/openssl.cnf
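Review bot: In the sslproxy hunk of src/Model/ssl/gen_ssl.sh the CA certificate now gets `-days $days`, yet the unchanged context line `install_file "ca.key" "sslproxy" "$PREFIX/sslproxy" "644" "root:bin"` still installs that CA's private key with what appears to be mode 644, while the OpenVPN server key shown in the hunk header uses "400". A CA key readable by every local account, combined with a ten-year certificate, lets any local user issue certificates that chain to this CA for the rest of its lifetime. Consider `install_file "ca.key" "sslproxy" "$PREFIX/sslproxy" "400" "root:bin"`, adjusted to whichever owner the sslproxy process runs as, and quote the restore as `date "$origdate"`.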
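Review bot: In the first hunk of src/Model/ssl/openvpn/gen-sample-keys.sh the new comment `# -enddate is 10 years from startdate` refers to a start date that nothing in this hunk sets. As written the CA certificate runs ten years from whatever the clock reads when `openssl req` executes, which is the shifted clock only if this script is invoked from gen_ssl.sh (not visible here). Suggested wording: `# CA certificate validity in days (~10 years from the clock at signing time)`, with the expansion quoted as `-days "$days"`.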
@@ -25,7 +25,7 @@ x509_extensions = basic_exts # The extentions to add to the cert
 # is designed for will. In return, we get the Issuer attached to CRLs.
 crl_extensions = crl_ext
-default_days = 365 # how long to certify for
+default_days = 3650 # how long to certify for
 default_crl_days= 30 # how long before next CRL
 default_md = sha256 # use public key default MD
 preserve = no # keep passed DN ordering
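Review bot: Raising `default_days` to 3650 makes every certificate issued through `openssl ca` with this config, presumably the OpenVPN server and client certificates, valid for ten years, the same span as the CA itself. With lifetimes that long, expiry no longer bounds the exposure from a lost client key, so revocation has to carry it: `default_crl_days= 30` on the next line means the CRL must be regenerated at least monthly, and the OpenVPN server has to check it (`crl-verify`). If the long lifetime is only wanted for the server certificate, pass `-days` on that `openssl ca` call and keep a shorter default for client certificates.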