OpenSSL Setup Script


This page is intended for network admins.

This page provides a combined OpenSSL setup script and tutorial that I wrote for somebody who was interested in the subject.

OpenSSL includes a setup script named However, current versions of aren't well commented and I've never been able to make them work properly. So I've written another script named make-openssl-site that both sets things up and explains what's going on.

The new script creates an OpenSSL certificate authority, adds sample users, and displays sample E-mail conversion commands. The resulting OpenSSL system should be compatible with recent versions of GnuPG series 2, though this isn't guaranteed.

Warning: Anybody who might find the new script useful is welcome to try it. However, note that the script will erase your existing OpenSSL configuration. If you remember to back up the old configuration before running the script, you'll be able to restore things later. However, if you forget to make a backup, you'll lose the old configuration permanently. Therefore, you shouldn't execute the script on critical systems until you're familiar with the procedures involved.

To use the script, first edit it and set a configuration parameter named CNFPATH. This step is optional: if you're not sure of the correct value, leave it alone and the script will try to figure things out. After you're done modifying the script, run it. No command-line parameters are required.

The script is designed to abort at the first sign of errors or problems. If this happens, and you're able to correct whatever went wrong, running the script again should reset things appropriately.
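The backup step from the warning above, as an added example that is not part of make-openssl-site: it archives the configuration directory with owner-only permissions, since the tree can contain CA private keys, and checks the archive before you run the script. The function names, the backup destination, and the use of CNFPATH as an environment variable naming the directory to save are assumptions.

```shell
#!/bin/sh
# Added example, not part of make-openssl-site. Function names are hypothetical.

# Pull the directory out of `openssl version -d` output,
# e.g.  OPENSSLDIR: "/usr/lib/ssl"
parse_openssldir() {
    printf '%s\n' "$1" | sed -n 's/^OPENSSLDIR: "\(.*\)"$/\1/p'
}

# backup_conf SRC_DIR DEST_DIR
# Archives SRC_DIR, checks the archive is readable, prints its path.
backup_conf() {
    src=$1
    dest=$2
    [ -d "$src" ] || { echo "not a directory: $src" >&2; return 1; }
    archive="$dest/openssl-conf-$(date +%Y%m%d-%H%M%S).tar.gz"
    # The tree can hold CA private keys: keep the copy owner-only (umask 077).
    ( umask 077
      mkdir -p "$dest" &&
      tar -czpf "$archive" -C "$(dirname "$src")" "$(basename "$src")" ) || return 1
    tar -tzf "$archive" >/dev/null || return 1
    printf '%s\n' "$archive"
}

# restore_conf ARCHIVE PARENT_DIR
# Unpacks the saved tree back under PARENT_DIR, preserving permissions.
restore_conf() {
    tar -xzpf "$1" -C "$2"
}

# Usage: sh backup-openssl.sh /root/openssl-backups
# Assumption: the directory to save is the value you set for CNFPATH (exported
# here as an environment variable) or, failing that, OpenSSL's default directory.
if [ "$#" -ge 1 ]; then
    dir=${CNFPATH:-$(parse_openssldir "$(openssl version -d)")}
    backup_conf "$dir" "$1"
fi
```

To undo the script's changes later, pass the printed archive path and the parent of the configuration directory to `restore_conf`.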

To browse the source code, click here. For license information, see the top of the file.

To download a zipped copy of the script (plus a required configuration file), click here.

