Ticket #1552: install_ssl.patch

debian/arqs-conf/etc/apache2/sites-available/default

@@ -76 +76 @@
         SSLCertificateFile /etc/apache2/ssl/server.crt
         SSLCertificateKeyFile /etc/apache2/ssl/server.key.pem
         SSLCACertificatePath /etc/apache2/ssl
-        SSLCACertificateFile /etc/apache2/ssl/cacert.pem
 
         SSLVerifyClient none
         SSLVerifyDepth  10

debian/arqs-conf/etc/apache2/sites-available/default.lenny

@@ -76 +76 @@
         SSLCertificateFile /etc/apache2/ssl/server.crt
         SSLCertificateKeyFile /etc/apache2/ssl/server.key.pem
         SSLCACertificatePath /etc/apache2/ssl
-        SSLCACertificateFile /etc/apache2/ssl/cacert.pem
 
         SSLVerifyClient none
         SSLVerifyDepth  10

debian/arqs-conf/etc/apache2/ssl/cacert.pem

@@ -1 @@
------BEGIN CERTIFICATE-----
-MIIDJTCCAo6gAwIBAgIJANV53TwcuDSoMA0GCSqGSIb3DQEBBQUAMGsxCzAJBgNV
-BAYTAkJSMQwwCgYDVQQIEwNSR1MxFTATBgNVBAcTDFBPUlRPIEFMRUdSRTERMA8G
-A1UEChMIRVhQUkVTU08xETAPBgNVBAsTCEVYUFJFU1NPMREwDwYDVQQDEwhFWFBS
-RVNTTzAeFw0wOTA0MTYxOTA0MjlaFw0xMDA0MTYxOTA0MjlaMGsxCzAJBgNVBAYT
-AkJSMQwwCgYDVQQIEwNSR1MxFTATBgNVBAcTDFBPUlRPIEFMRUdSRTERMA8GA1UE
-ChMIRVhQUkVTU08xETAPBgNVBAsTCEVYUFJFU1NPMREwDwYDVQQDEwhFWFBSRVNT
-TzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAohiBR27FKKL7e9GiqAmdg1py
-uYI6tl8xEAxhUScrog5BzPCZgM0+ArqLLbpwyCqcVuxzhrp6YrnuI2CItArAIQvB
-5Sm04uKKoYjCEl/BsmvRbvEmUYCkmWXo2YBK4vsxEuRaNWxfD6r/0JCHJFU+4oDa
-z0na7H1Xylzpf0Eick8CAwEAAaOB0DCBzTAdBgNVHQ4EFgQUAmp9kXNtu8kt3wIZ
-2hyy8K39TRwwgZ0GA1UdIwSBlTCBkoAUAmp9kXNtu8kt3wIZ2hyy8K39TRyhb6Rt
-MGsxCzAJBgNVBAYTAkJSMQwwCgYDVQQIEwNSR1MxFTATBgNVBAcTDFBPUlRPIEFM
-RUdSRTERMA8GA1UEChMIRVhQUkVTU08xETAPBgNVBAsTCEVYUFJFU1NPMREwDwYD
-VQQDEwhFWFBSRVNTT4IJANV53TwcuDSoMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN
-AQEFBQADgYEAStkZPzZLGh5RkajmG+IsXOJVe7sxTzlPo1hMW/WDzbRxcXIVPkYY
-OdxOIXYAn35XCAOBBXzh1FNpEX/TVMngIeOnvjbcsxwcTMLUVVs4nQGy+V+sL6qf
-CR6sEzpVZIcHXOFeKK7To1T2V3Pltj6yTQ4lDA4IKXl+Clj1Pl6anrw=
------END CERTIFICATE-----

debian/arqs-conf/etc/apache2/ssl/server.crt

@@ -1 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=BR, ST=RGS, L=PORTO ALEGRE, O=EXPRESSO, OU=EXPRESSO, CN=EXPRESSO
-        Validity
-            Not Before: Apr 16 19:41:53 2009 GMT
-            Not After : Apr 16 19:41:53 2010 GMT
-        Subject: C=BR, ST=RGS, O=EXPRESSO, OU=SERVIDOR-EXPRESSO, CN=SERVIDOR-EXPRESSO
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:d2:99:0d:00:ac:cd:36:9c:3b:ad:33:6e:2c:95:
-                    f6:1e:00:ad:f6:7b:f9:44:0e:68:10:40:68:3f:76:
-                    4e:3c:48:b0:37:51:ad:cc:8f:0c:dd:b1:a7:de:93:
-                    6a:1b:d0:b5:b0:ec:4e:69:84:aa:38:15:6b:5d:df:
-                    96:af:79:4a:c6:eb:4a:0b:65:c6:9c:6e:86:d2:52:
-                    60:77:73:17:23:6c:a7:cd:96:16:26:5f:a8:12:e4:
-                    66:b1:30:a6:c3:74:75:b8:a4:10:0b:1a:05:86:5e:
-                    87:b2:86:7d:49:37:b9:27:d4:f8:3c:ea:cc:0d:06:
-                    49:e9:ca:26:77:89:04:bd:eb
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Comment: 
-                OpenSSL Generated Certificate
-            X509v3 Subject Key Identifier: 
-                72:BB:25:9C:5C:00:19:68:10:14:7A:E0:B9:07:75:B0:63:51:05:D2
-            X509v3 Authority Key Identifier: 
-                keyid:02:6A:7D:91:73:6D:BB:C9:2D:DF:02:19:DA:1C:B2:F0:AD:FD:4D:1C
-
-    Signature Algorithm: sha1WithRSAEncryption
-        98:b0:61:1b:10:4d:e6:37:f9:a6:ce:d5:3b:d5:9b:bb:7e:28:
-        73:52:dd:b1:88:6a:f1:a1:9d:96:6b:db:b7:89:3a:f9:e6:f5:
-        fb:b2:a6:2e:6f:4e:77:ed:62:f9:e2:18:03:55:9f:06:43:26:
-        c1:50:5c:10:f8:41:ee:f1:93:38:f5:5f:0a:de:2d:a6:52:5f:
-        48:07:0c:9c:fc:4b:3a:95:15:ed:9a:4f:b3:0b:fa:87:51:f9:
-        7b:87:c4:1b:9f:77:f0:fd:99:64:4e:91:9e:29:42:49:78:31:
-        0f:b5:f9:91:7d:2f:0e:9d:0b:66:84:59:3d:bc:c7:45:82:16:
-        39:cf
------BEGIN CERTIFICATE-----
-MIICwjCCAiugAwIBAgIBATANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQGEwJCUjEM
-MAoGA1UECBMDUkdTMRUwEwYDVQQHEwxQT1JUTyBBTEVHUkUxETAPBgNVBAoTCEVY
-UFJFU1NPMREwDwYDVQQLEwhFWFBSRVNTTzERMA8GA1UEAxMIRVhQUkVTU08wHhcN
-MDkwNDE2MTk0MTUzWhcNMTAwNDE2MTk0MTUzWjBmMQswCQYDVQQGEwJCUjEMMAoG
-A1UECBMDUkdTMREwDwYDVQQKEwhFWFBSRVNTTzEaMBgGA1UECxMRU0VSVklET1It
-RVhQUkVTU08xGjAYBgNVBAMTEVNFUlZJRE9SLUVYUFJFU1NPMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDSmQ0ArM02nDutM24slfYeAK32e/lEDmgQQGg/dk48
-SLA3Ua3Mjwzdsafek2ob0LWw7E5phKo4FWtd35aveUrG60oLZcacbobSUmB3cxcj
-bKfNlhYmX6gS5GaxMKbDdHW4pBALGgWGXoeyhn1JN7kn1Pg86swNBknpyiZ3iQS9
-6wIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdl
-bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUcrslnFwAGWgQFHrguQd1sGNR
-BdIwHwYDVR0jBBgwFoAUAmp9kXNtu8kt3wIZ2hyy8K39TRwwDQYJKoZIhvcNAQEF
-BQADgYEAmLBhGxBN5jf5ps7VO9Wbu34oc1LdsYhq8aGdlmvbt4k6+eb1+7KmLm9O
-d+1i+eIYA1WfBkMmwVBcEPhB7vGTOPVfCt4tplJfSAcMnPxLOpUV7ZpPswv6h1H5
-e4fEG5938P2ZZE6RnilCSXgxD7X5kX0vDp0LZoRZPbzHRYIWOc8=
------END CERTIFICATE-----

debian/arqs-conf/etc/apache2/ssl/server.key.pem

@@ -1 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDSmQ0ArM02nDutM24slfYeAK32e/lEDmgQQGg/dk48SLA3Ua3M
-jwzdsafek2ob0LWw7E5phKo4FWtd35aveUrG60oLZcacbobSUmB3cxcjbKfNlhYm
-X6gS5GaxMKbDdHW4pBALGgWGXoeyhn1JN7kn1Pg86swNBknpyiZ3iQS96wIDAQAB
-AoGADV1XHObacw/BHcG4yS2PG+JRJ+ZAMFh1tCpSM0zPtDWssSYG0Id3eo4uqApU
-3oUFMsAcTcf0gXCiiqeIyYP6Ab4XzIS0AhtjHuzLPkvhq8F+3N8AN2bloEgquJp3
-wTjV/MUGcZKxgdIxFyEPetz2iXAlv6doSXHTUhsHUsgNxOECQQD63BUxRIDzzWiZ
-AZexYYqLVBQki3J69AuaTOQUbfdTWDsDcGwGpYjZGnvK+jZL9C7/b7KWwO0ub5Qb
-EiNSE6TRAkEA1unE7n1hIiKWmgeWAhiY3rQn4OLiPGo3EUl1I5YR1TUHQn7WlpoA
-3RV7DBv6FnZ3h7fy1gwuDhiB+xI/cq0V+wJBAPCtiJOdMs82St1Jft1LRR4Jy82I
-EIzQafVfQhArtPe8ldnl2W7DELmixBRo3QEgRJsD8mbasHQ1zvXt//82I5ECQQCa
-kJpf47CeOj4SHW6Xp1Uapnsf1E1dog5k0m364A2HR5InEs4GllAUsURD20MsMJua
-8oMlyrC81od1KRSUx0NNAkBvIBEwaDvN+xM+FAOOT5R1C7oT85XCHECpttSnLsG5
-VhlBmCxoH4qZnziSHbypS3SWn804PTtXSyb2LLFf1Ti/
------END RSA PRIVATE KEY-----

debian/expressoInstallDebian-lenny-es.sh

@@ -72 +72 @@
 cp ./arqs-conf/etc/apache2/apache2.conf.lenny /etc/apache2/apache2.conf
 cp ./arqs-conf/etc/apache2/sites-available/default.lenny /etc/apache2/sites-available/expresso
 cp ./arqs-conf/etc/apache2/ports.conf.lenny /etc/apache2/ports.conf
-cp -r -p ./arqs-conf/etc/apache2/ssl/ /etc/apache2/
 
 cp ./arqs-conf/etc/php5/apache2/php.ini /etc/php5/apache2/
 mkdir /php_sessions/ || { echo "Diretório já existe. [OK]"; }
-chmod -R 777 /php_sessions/
+chmod -R 770 /php_sessions/
 
 a2ensite expresso
 a2dissite default
@@ -84 +83 @@
 # Linha adicionada para resolver alguns warnings quando "apache2ctl configtest"
 HOST=`hostname` ; mv /etc/hosts /etc/hosts.ori ; echo 127.0.0.1 $DOMAIN localhost $HOST  > /etc/hosts ; cat /etc/hosts.ori >> /etc/hosts ; rm /etc/hosts.ori
 
+# Gerando certificado digital para o Apache(HTTPS)
+INFOCERTIFICADO='
+Informacoes para o certificado digital
+
+FAVOR NAO USAR ACENTOS E CARACTERES ESPECIAIS!!!
+
+6 (seis) perguntas serao feitas a voce.
+- Escolha um pais.
+- Escolha um estado.
+- Escolha uma cidade.
+- Escolha uma empresa.
+- Escolha uma senha para o certificado.
+- Escolha o tempo de expiracao do certificado.
+
+Com estas informacoes o script podera
+gerar e instalar o certificado digital
+no servidor no Apache.
+'
+
+dialog --backtitle "$BACKTITLE" \
+   --cr-wrap \
+   --msgbox "$INFOCERTIFICADO" \
+   20 55 &&
+
+COUNTRY=$( dialog --stdout --inputbox 'Digite as duas letras do pais, (ex.: BR)' 0 55 )
+STATE=$( dialog --stdout --inputbox 'Digite o nome do estado, (ex.: Pernambuco)' 0 55 )
+CITY=$( dialog --stdout --inputbox 'Digite o nome da cidade, (ex.: Recife)' 0 55 )
+COMPANY=$( dialog --stdout --inputbox 'Digite o nome da empresa, (ex.: ATI-PE)' 0 55 )
+PASSCERT=$( dialog --stdout --inputbox 'Digite a senha do certificado com no minimo 4 digitos' 0 70 )
+EXPIRESCERT=$( dialog --stdout --inputbox 'Digite o numero de dias para a expiracao do certificado, (ex.: 1 ano eh igual a 365)' 0 100 )
+
+openssl req -passout pass:$PASSCERT -subj "/C=$COUNTRY/ST=$STATE/L=$CITY/O=$COMPANY" -new > new.cert.csr
+openssl rsa -passin pass:$PASSCERT -in privkey.pem -out new.cert.key
+openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days $EXPIRESCERT
+
+mv new.cert.cert /etc/apache2/ssl/server.crt
+mv new.cert.key /etc/apache2/ssl/server.key.pem
+rm new.cert.csr
+rm privkey.pem
+# Fim do gerando certificado digital para o Apache(HTTPS)
+
 /etc/init.d/apache2 restart
 
 ############################################################################################

debian/expressoInstallDebian-lenny.sh

@@ -71 +71 @@
 cp ./arqs-conf/etc/apache2/apache2.conf.lenny /etc/apache2/apache2.conf
 cp ./arqs-conf/etc/apache2/sites-available/default.lenny /etc/apache2/sites-available/expresso
 cp ./arqs-conf/etc/apache2/ports.conf.lenny /etc/apache2/ports.conf
-cp -r -p ./arqs-conf/etc/apache2/ssl/ /etc/apache2/
 
 cp ./arqs-conf/etc/php5/apache2/php.ini /etc/php5/apache2/
 mkdir /php_sessions/ || { echo "Diretório já existe. [OK]"; }
-chmod -R 777 /php_sessions/
+chmod -R 770 /php_sessions/
 
 a2ensite expresso
 a2dissite default
@@ -83 +82 @@
 # Linha adicionada para resolver alguns warnings quando "apache2ctl configtest"
 HOST=`hostname` ; mv /etc/hosts /etc/hosts.ori ; echo 127.0.0.1 $DOMAIN localhost $HOST  > /etc/hosts ; cat /etc/hosts.ori >> /etc/hosts ; rm /etc/hosts.ori
 
+# Gerando certificado digital para o Apache(HTTPS)
+INFOCERTIFICADO='
+Informacoes para o certificado digital
+
+FAVOR NAO USAR ACENTOS E CARACTERES ESPECIAIS!!!
+
+6 (seis) perguntas serao feitas a voce.
+- Escolha um pais.
+- Escolha um estado.
+- Escolha uma cidade.
+- Escolha uma empresa.
+- Escolha uma senha para o certificado.
+- Escolha o tempo de expiracao do certificado.
+
+Com estas informacoes o script podera
+gerar e instalar o certificado digital
+no servidor no Apache.
+'
+
+dialog --backtitle "$BACKTITLE" \
+   --cr-wrap \
+   --msgbox "$INFOCERTIFICADO" \
+   20 55 &&
+
+COUNTRY=$( dialog --stdout --inputbox 'Digite as duas letras do pais, (ex.: BR)' 0 55 )
+STATE=$( dialog --stdout --inputbox 'Digite o nome do estado, (ex.: Pernambuco)' 0 55 )
+CITY=$( dialog --stdout --inputbox 'Digite o nome da cidade, (ex.: Recife)' 0 55 )
+COMPANY=$( dialog --stdout --inputbox 'Digite o nome da empresa, (ex.: ATI-PE)' 0 55 )
+PASSCERT=$( dialog --stdout --inputbox 'Digite a senha do certificado com no minimo 4 digitos' 0 70 )
+EXPIRESCERT=$( dialog --stdout --inputbox 'Digite o numero de dias para a expiracao do certificado, (ex.: 1 ano eh igual a 365)' 0 100 )
+
+openssl req -passout pass:$PASSCERT -subj "/C=$COUNTRY/ST=$STATE/L=$CITY/O=$COMPANY" -new > new.cert.csr
+openssl rsa -passin pass:$PASSCERT -in privkey.pem -out new.cert.key
+openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days $EXPIRESCERT
+
+mv new.cert.cert /etc/apache2/ssl/server.crt
+mv new.cert.key /etc/apache2/ssl/server.key.pem
+rm new.cert.csr
+rm privkey.pem
+# Fim do gerando certificado digital para o Apache(HTTPS)
+
 /etc/init.d/apache2 restart
 
 ############################################################################################

debian/expressoInstallDebian-squeeze.sh

@@ -66 +66 @@
 cp ./arqs-conf/etc/apache2/apache2.conf.lenny /etc/apache2/apache2.conf
 cp ./arqs-conf/etc/apache2/sites-available/default.lenny /etc/apache2/sites-available/expresso
 cp ./arqs-conf/etc/apache2/ports.conf.lenny /etc/apache2/ports.conf
-cp -r -p ./arqs-conf/etc/apache2/ssl/ /etc/apache2/
 
 cp ./arqs-conf/etc/php5/apache2/php.ini /etc/php5/apache2/
 mkdir /php_sessions/ || { echo "Diretorio ja existe. [OK]"; }
@@ -78 +77 @@
 # Linha adicionada para resolver alguns warnings quando "apache2ctl configtest"
 HOST=`hostname` ; mv /etc/hosts /etc/hosts.ori ; echo 127.0.0.1 $DOMAIN localhost $HOST  > /etc/hosts ; cat /etc/hosts.ori >> /etc/hosts ; rm /etc/hosts.ori
 
+# Gerando certificado digital para o Apache(HTTPS)
+INFOCERTIFICADO='
+Informacoes para o certificado digital
+
+FAVOR NAO USAR ACENTOS E CARACTERES ESPECIAIS!!!
+
+6 (seis) perguntas serao feitas a voce.
+- Escolha um pais.
+- Escolha um estado.
+- Escolha uma cidade.
+- Escolha uma empresa.
+- Escolha uma senha para o certificado.
+- Escolha o tempo de expiracao do certificado.
+
+Com estas informacoes o script podera
+gerar e instalar o certificado digital
+no servidor no Apache.
+'
+
+dialog --backtitle "$BACKTITLE" \
+   --cr-wrap \
+   --msgbox "$INFOCERTIFICADO" \
+   20 55 &&
+
+COUNTRY=$( dialog --stdout --inputbox 'Digite as duas letras do pais, (ex.: BR)' 0 55 )
+STATE=$( dialog --stdout --inputbox 'Digite o nome do estado, (ex.: Pernambuco)' 0 55 )
+CITY=$( dialog --stdout --inputbox 'Digite o nome da cidade, (ex.: Recife)' 0 55 )
+COMPANY=$( dialog --stdout --inputbox 'Digite o nome da empresa, (ex.: ATI-PE)' 0 55 )
+PASSCERT=$( dialog --stdout --inputbox 'Digite a senha do certificado com no minimo 4 digitos' 0 70 )
+EXPIRESCERT=$( dialog --stdout --inputbox 'Digite o numero de dias para a expiracao do certificado, (ex.: 1 ano eh igual a 365)' 0 100 )
+
+openssl req -passout pass:$PASSCERT -subj "/C=$COUNTRY/ST=$STATE/L=$CITY/O=$COMPANY" -new > new.cert.csr
+openssl rsa -passin pass:$PASSCERT -in privkey.pem -out new.cert.key
+openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days $EXPIRESCERT
+
+mv new.cert.cert /etc/apache2/ssl/server.crt
+mv new.cert.key /etc/apache2/ssl/server.key.pem
+rm new.cert.csr
+rm privkey.pem
+# Fim do gerando certificado digital para o Apache(HTTPS)
+
 /etc/init.d/apache2 restart
 
 ############################################################################################