Man pages sections > man1 > cipux_mkcertkey

cipux_mkcertkey - simple script to generate certificate for stunnel

CIPUX_MKCERTKEY(1p) User Contributed Perl Documentation CIPUX_MKCERTKEY(1p)

NAME

cipux_mkcertkey - simple script to generate certificate for stunnel

VERSION

version 3.4.0.0

SYNOPSIS

        cipux_mkcertkey

REQUIRED ARGUMENTS

None.

ABSTRACT

In order to add security to your XML-RPC server you should generate a certificate. This script shows a simple method to do that. You have to take the responsibility by yourself to make sure you understand what you do.

DESCRIPTION

Generates a certificate and a key in /etc/cipux/stunnel.

USAGE

 cipux_mkcertkey

OPTIONS

None.

CERTIFICATE

Each SSL enabled XML-RPC server needs to present a valid X.509 certificate to the peer and it also needs a private key to decrypt the incoming data. The easiest way to obtain a certificate and a key is to generate them with the free openssl package. You can find more information on certificates generation below. The certificates must be in PEM format and must be sorted starting with the certificate to the highest level (root CA)
Two things are important when generating the certificate-key pairs.
(1) Because the server has no way to obtain the password from the user, the private key cannot be encrypted. To create an unencrypted key add the "-nodes" option when running the req command from the openssl kit.
(2) The order of contents of the .pem file is also important. It should contain the unencrypted private key first, then a signed certificate (not certificate request). There should be also empty lines after certificate and private key. Plaintext certificate information appended on the top of generated certificate should be discarded. So the file should look like this:
             -----BEGIN RSA PRIVATE KEY-----
             [encoded key]
             -----END RSA PRIVATE KEY-----
             [empty line]
             -----BEGIN CERTIFICATE-----
             [encoded certificate]
             -----END CERTIFICATE-----
             [empty line]
This can be stored in one file or in two files. This script stores the in to files to have the flexibility to use the certificate in other location. This to files will be created:
 stunnel-cert.pem
 stunnel-key.pem

DIAGNOSTICS

TODO: write explanations to the messages.
"Cannot find certificate configuration: %s"
"Cannot find openssl executable: %s"
"Directory to store certs do not exist: %s"
"Directory to store certs is not save!..."
 Directory to store certs is not save!
 Should be for example:
 drwx------ 2 root root 4096 2008-04-17 21:15 /etc/cipux/stunnel
    
"Cannot execute %s"
"Can not close %s"
"Can not print to STDOUT!"
"%s not known to the system!"

CONFIGURATION

TODO.

DEPENDENCIES

Carp CipUX File::stat Cwd POSIX Readonly Fatal English version

INCOMPATIBILITIES

Not known.

BUGS AND LIMITATIONS

Not known.

SEE ALSO

See the CipUX webpage and the manual at <http://www.cipux.org> See the mailing list <http://sympa.cipworx.org/wws/info/cipux-devel>

AUTHOR

Christian Kuelker <christian.kuelker@cipworx.org> Copyright (C) 2008 by Christian Kuelker
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
2015-07-24 perl v5.20.2