2 # This shell script will generate an X509 certificate for your gnunet-gns-proxy
3 # and install it (for both GNUnet and your browser).
5 if ! which certtool > /dev/null
7 echo "'certtool' command not found. Please install it."
13 while getopts "c:" opt; do
16 options="$options -c $OPTARG"
19 echo "Invalid option: -$OPTARG" >&2
23 echo "Option -$OPTARG requires an argument." >&2
29 GNSCERT=`mktemp /tmp/gnscertXXXXXX.pem`
30 GNSCAKY=`mktemp /tmp/gnscakeyXXXXXX.pem`
31 GNSCANO=`mktemp /tmp/gnscakeynoencXXXXXX.pem`
32 GNS_CA_CERT_PEM=`gnunet-config -s gns-proxy -o PROXY_CACERT -f $options`
33 mkdir -p `dirname $GNS_CA_CERT_PEM`
35 openssl req -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System"
37 echo "Removing passphrase from key"
38 openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO
40 echo "Making private key available to gnunet-gns-proxy"
41 cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM
43 echo "Importing CA into browsers"
44 for f in ~/.mozilla/firefox/*.default/
47 echo "Importing CA info Firefox at $f/"
48 # delete old certificate (if any)
49 certutil -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null
51 certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT
55 if [ -d ~/.pki/nssdb/ ]; then
56 echo "Importing CA into Chrome at ~/.pki/nssdb/"
57 # delete old certificate (if any)
58 certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null
60 certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT
64 rm -f $GNSCAKY $GNSCANO $GNSCERT
66 echo "==================================="
67 echo "You can now start gnunet-gns-proxy."
68 echo "Afterwards, configure your browser "
69 echo " to use a SOCKS proxy on port 7777."
70 echo "==================================="
projects / oweals / gnunet.git / blob