scripts/ssl_mgmt/README

ssl_mgmt is a helper to manage SSL certificates: creation, renewal and removal.
So far, only renewal is supported.
ssl_mgmt refers to certificates by the service they are associated with.
*** EXAMPLES ***
To renew the certificate associated with HTTPS, the command line is:
ssl_mgmt renew https
To renew the certificates of all services, run:
ssl_mgmt renew all
Note: this assumes that
* all services are listed in /root/homemade_certs;
* directories have special rights so that newly created certificates
automatically get proper rights;
* the root CA is already created;
* openssl.cnf.in is copied to the CA hierarchy's root.
The assumed file system hierarchy (ls -l of the CA root) is:
lrwxrwxrwx 1 root root 14 6 janv. 2010 certs -> /etc/ssl/certs
drws--S---+ 2 root ssl-cert 4096 23 janv. 2011 csr
-rw------- 1 root ssl-cert 1937 20 févr. 16:38 index.txt
-rw------- 1 root ssl-cert 20 20 févr. 16:38 index.txt.attr
drwSr-Sr--+ 2 root ssl-cert 4096 20 févr. 16:38 newcerts
drwSr-S---+ 2 root ssl-cert 4096 20 févr. 16:38 newkeys
-rw-r--r-- 1 root ssl-cert 1546 20 févr. 14:24 openssl.cnf.in
lrwxrwxrwx 1 root root 16 6 janv. 2010 private -> /etc/ssl/private
-rw------- 1 root ssl-cert 3 20 févr. 16:38 serial
The ACLs on csr, newcerts and newkeys (getfacl output) are:
# file: usr/lib/ssl/CA/csr
# owner: root
# group: ssl-cert
# flags: ss-
user::rwx
group::---
other::---
default:user::rw-
default:group::r--
default:other::---
# file: usr/lib/ssl/CA/newcerts
# owner: root
# group: ssl-cert
# flags: ss-
user::rw-
group::r--
other::r--
default:user::rw-
default:group::r--
default:other::r--
# file: usr/lib/ssl/CA/newkeys
# owner: root
# group: ssl-cert
# flags: ss-
user::rw-
group::r--
other::---
default:user::rw-
default:group::r--
default:other::---
To use this script, you must be root, or be able to run commands with
root privileges through sudo.
You should install it in a directory within the PATH of the root user,
such as /usr/local/sbin.