Fix up SSL configuration (certificate generation, etc.)

author: Paul Sokolovsky <paul.sokolovsky@linaro.org> 2011-04-15 20:22:48 +0300
committer: Paul Sokolovsky <paul.sokolovsky@linaro.org> 2011-04-15 20:22:48 +0300
commit: 62f5005e8f5521529ac989a61b0297a6b520b767 (patch)
tree: 29a9d2d1d9be60ac1109b1ac9c0230ec1901dc73
parent: d647d5ce7e6acbebd56e8e48b03e89dd0379d7fe (diff)
parent: 6a9a1c64bef61f30df2b4f8a59f02b8ccda890e2 (diff)
1 files changed, 6 insertions, 4 deletions
diff --git a/control/setup-control-node b/control/setup-control-node
index a5431ef..b91569f 100755
--- a/control/setup-control-node
+++ b/control/setup-control-node
@@ -60,9 +60,10 @@ sudo a2enmod proxy_http
 sudo a2enmod headers
 sudo a2enmod rewrite
 sudo a2enmod expires
+sudo a2enmod ssl
 
 # make self-signed certificate
-cat <<EOF > /tmp/ssleay.conf
+cat <<EOF > /tmp/ssleay.cnf
 RANDFILE                = /dev/urandom
 [ req ]
 default_bits            = 1024
@@ -73,9 +74,10 @@ policy			= policy_anything
 [ req_distinguished_name ]
 commonName                      = android-build.linaro.org
 EOF
-sudo openssl req -config /tmp/ssleay.cnf -new -x509 -days 3650 -nodes -out /etc/ssl/private/android-build.linaro.org.crt
-sudo chmod go-a /etc/ssl/private/android-build.linaro.org.crt
-rm /tmp/ssleay.conf
+CERT_PATH=/etc/ssl/private/android-build.linaro.org.crt
+sudo openssl req -config /tmp/ssleay.cnf -new -x509 -days 3650 -nodes -out $CERT_PATH -keyout $CERT_PATH
+sudo chmod 0600 $CERT_PATH
+rm /tmp/ssleay.cnf
 
 cat <<EOF | sudo tee /etc/apache2/conf.d/extra-port > /dev/null
 Listen 127.0.0.1:600
author	Paul Sokolovsky <paul.sokolovsky@linaro.org>	2011-04-15 20:22:48 +0300
committer	Paul Sokolovsky <paul.sokolovsky@linaro.org>	2011-04-15 20:22:48 +0300
commit	62f5005e8f5521529ac989a61b0297a6b520b767 (patch)
tree	29a9d2d1d9be60ac1109b1ac9c0230ec1901dc73
parent	d647d5ce7e6acbebd56e8e48b03e89dd0379d7fe (diff)
parent	6a9a1c64bef61f30df2b4f8a59f02b8ccda890e2 (diff)