certmaker 0.0.1 → 0.0.2

data/README.md

@@ -9,7 +9,7 @@ This project is at an early stage. It is 100% usable for people who use Namechea
 ### Usage
 The typical usage is to create a private key locally and a CSR
 
-    certmaker create your.secure.domain
+    certmaker create www.example.com
 
 You then keep the private key safe and use the CSR to request an SSL cert from your SSL Certificate provider
 
@@ -17,21 +17,20 @@ For some platforms the cert you receive from your SSL Certificate provider is al
 
 For other platforms (eg. heroku) you need to do a little more, such as combining together your key, certifice, intermediate cert chain as well as removing passwords.
 
-For heroku you just save the SSL cert zip in designated directory and run the commands...
+For Namecheap Comodo PositiveSSL certs with heroku you just save the SSL cert zip in SSL provider artifact directory (eg. ~/.certmaker/certs/www_example_com_ssl/2_ssl_provider_artifacts/zips ) and run the commands...
 
-    certmaker unpack_namecheap your.secure.domain
-    certmaker heroku_wizard your.secure.domain
+    certmaker unpack_namecheap www.example.com
+    certmaker heroku_wizard www.example.com
 
 ... to do all that is necessary (currently we only can vouch for this process working with namecheap.com Comodo PositiveSSL certs as it all we have tested with). This will do the necessary transformations and then prompt you to upload the finished SSL cert to your heroku app.
 
 We also provide the following commands
 
-    certmaker unpack_namecheap your.secure.domain
-    certmaker combine_key your.secure.domain # can take an optional --certfilename parameter
-    certmaker remove_passphrases your.secure.domain
-    certmaker append_chain your.secure.domain
-    certmaker check_chain your.secure.domain
-    certmaker upload_to_heroku your.secure.domain
+    certmaker unpack_namecheap www.example.com
+    certmaker remove_passphrases www.example.com
+    certmaker append_chain www.example.com
+    certmaker check_chain www.example.com
+    certmaker upload_to_heroku www.example.com
 
 All your keys, certs and other details are stored under a .certmaker directory in your home directory. You need to have a little understanding of the directory stucture to know where to find things. Each cert you generate will live in its own directory under .certmaker/certs/
 
@@ -39,24 +38,26 @@ For example...
 
     /home/user/.certmaker/
     `-- certs
-      `-- www_sample_com_ssl
+      `-- www_example_com_ssl
           |-- 1_my_key_and_csr
-          |   |-- www.sample.com.csr
-          |   `-- www.sample.com.key
+          |   |-- www.example.com.csr
+          |   `-- www.example.com.key
           |-- 2_ssl_provider_artifacts
           |   `-- zips
-          |-- 3_key_cert_combo
-          |-- 4_key_cert_nopass
-          |-- 5_key_cert_no_pass_chained
+          |-- 3_key_and_cert_nopass
+          |-- 4_key_and_cert_nopass_chained
           `-- config.yml
 
 ... your private key and CSR will be under 1_my_key_and_csr
 
-Note: The first time you run a command such as 'certmaker create your.secure.domain' for a new subdomain you will be prompted to create a config.yml file under the individual cert directory. Currently this config file is only used to supply the 'ordered_chain_filenames' setting. This allows you to define the order in which intermediate certs are chained together (yes, this all does sound unnecessarily confusing!).
+Note: The first time you run a command such as 'certmaker create www.example.com' for a new subdomain you will be prompted to create a config.yml file under the individual cert directory. Currently this config file is only used to supply the 'ordered_chain_filenames' setting. This allows you to define the order in which intermediate certs are chained together (yes, this all does sound unnecessarily confusing!).
 
 The 2_ssl_provider_artifacts directory is used to store the cert and other bits send on by your SSL certificate provider after you have successfully applied for a cert (zip files should be stored in the zips folder).
 
-The 3_key_cert_combo is used to store files that combine a private key and a cert. The 4_key_cert_nopass directory transforms the contents of the previous directory so that any password has been remove from the files. This is often required so that cloud servers can automatically restart your app without needing to supply a password. Finally the 5_key_cert_no_pass_chained transforms the files a little more - ultimately it contains the final version of the cert by adding the intermediate chain. So by this stage we should have our SSL cert (with the key combined, any passwords removed and the intermediate chain added). Phew!
+The 3_key_cert_nopass directory contains a copy of your private key and your ssl cert of with any passwords removed in case you had supplied any. This is often required so that cloud servers can automatically restart your app without needing to supply a password. Finally the 4_key_and_cert_nopass_chained transforms the files a little more - ultimately it contains the final version of the cert by adding the intermediate chain. So by this stage we should have our SSL cert (with any passwords removed and the intermediate chain added). Phew!
+
+###Issues
+Please log any issues at https://github.com/theirishpenguin/certmaker/issues
 
 ###Credits
 Thanks to the following resources which laid the the foundation for this gem

data/bin/certmaker

@@ -40,7 +40,7 @@ end
 @exe_filepath = File.expand_path(__FILE__)
 @command = ARGV[0]
 
-@commands = ['create', 'unpack_namecheap', 'combine_key', 'remove_passphrases', 'append_chain', 'check_chain', 'upload_to_heroku', 'heroku_wizard'] # 'assemble_chain'
+@commands = ['create', 'unpack_namecheap', 'remove_passphrases', 'append_chain', 'check_chain', 'upload_to_heroku', 'heroku_wizard'] # 'assemble_chain'
 
 unless @commands.include? @command
   puts "
@@ -87,6 +87,9 @@ Please create a config file at
 Here is a sample:
 
 #{sample_config_text}
+
+Then rerun this command: #{PROGRAM_NAME} create #{@common_name}
+
     "
     exit 1
   end
@@ -114,11 +117,10 @@ def create_wip_dirs
   @dir1 ="#{@cert_dir}/1_my_key_and_csr"
   @dir2 = "#{@cert_dir}/2_ssl_provider_artifacts"
   @dir2_zips = "#{@dir2}/zips"
-  @dir3 = "#{@cert_dir}/3_key_cert_combo"
-  @dir4 = "#{@cert_dir}/4_key_cert_nopass"
-  @dir5 = "#{@cert_dir}/5_key_cert_no_pass_chained"
+  @dir3 = "#{@cert_dir}/3_key_and_cert_nopass"
+  @dir4 = "#{@cert_dir}/4_key_and_cert_nopass_chained"
 
-  [@dir1, @dir2_zips, @dir3, @dir4, @dir5].each do |dir|
+  [@dir1, @dir2_zips, @dir3, @dir4].each do |dir|
     FileUtils.mkdir_p  dir
   end
 
@@ -129,7 +131,7 @@ def private_key_filepath
 end
 
 def private_key_nopass_filepath
-  "#{@dir4}/#{@common_name}.nopass.key"
+  "#{@dir3}/#{@common_name}.nopass.key"
 end
 
 def csr_filepath
@@ -144,16 +146,12 @@ def crt_filepath
   end
 end
 
-def key_cert_combo_filepath
-  "#{@dir3}/#{underscored_name}.pem"
-end
-
-def key_cert_combo_nopass_filepath
-  "#{@dir4}/#{underscored_name}.nopass.pem"
+def cert_nopass_filepath
+  "#{@dir3}/#{underscored_name}.nopass.pem"
 end
 
-def key_cert_combo_nopass_chained_filepath
-  "#{@dir5}/#{underscored_name}_chained.nopass.pem"
+def cert_nopass_chained_filepath
+  "#{@dir4}/#{underscored_name}_chained.nopass.pem"
 end
 
 def generate_private_key
@@ -183,6 +181,7 @@ Here's an example of values for your csr when asked.
 end
 
 def create
+  warn_if_private_key_already_exists
   generate_private_key
   display_csr_instructions
   generate_csr
@@ -194,9 +193,28 @@ def continue_prompt
   dummy = STDIN.gets.chomp
 end
 
+def warn_if_private_key_already_exists
+  if File.exist?(private_key_filepath)
+    puts "
+
+WARNING: A private key already for this domain at:
+
+  #{private_key_filepath}
+
+Continuing will destroy this private key, which cannot be recovered unless
+you have a backup of it. Are you sure you wish to continue?
+
+"
+    continue_prompt
+  end
+end
 
 def display_make_summary
   puts "
+
+
+###############################################################################
+
 A private key (.key file) and a CSR (.csr file) has been generated for you.
 
 The private key file is at
@@ -227,7 +245,6 @@ If your certs don't come in a zip file or your prefer to extract them manually b
 Once unpacked, you now have obtained your certs. Next up you can do any of the following as needed
 
   #{PROGRAM_NAME} heroku_wizard #{@common_name}
-  #{PROGRAM_NAME} combine_key #{@common_name}
   #{PROGRAM_NAME} remove_passphrases #{@common_name}
   #{PROGRAM_NAME} append_chain #{@common_name}
   #{PROGRAM_NAME} check_chain #{@common_name}
@@ -248,18 +265,12 @@ def unpack_namecheap
 end
 
 
-def combine_private_key_and_cert
-  instruct "Combining your private key with your combined cert"
-
-  `cat #{crt_filepath} #{private_key_filepath} > #{key_cert_combo_filepath}`
-end
-
 def remove_passphrases
   instruct "Removing passphrase"
 
-  puts `openssl rsa -in #{key_cert_combo_filepath} -out #{key_cert_combo_nopass_filepath}`
+  puts `openssl rsa -in #{crt_filepath} -out #{cert_nopass_filepath}`
 
-  puts `openssl x509 -in #{key_cert_combo_filepath} >> #{key_cert_combo_nopass_filepath}`
+  puts `openssl x509 -in #{crt_filepath} >> #{cert_nopass_filepath}`
 
   puts `openssl rsa -in #{private_key_filepath} -out #{private_key_nopass_filepath}`
 end
@@ -273,7 +284,7 @@ end
 def append_chain
   instruct "Appending intermediate chain to cert"
 
-  `cat #{key_cert_combo_nopass_filepath} #{chain_files_in_order} > #{key_cert_combo_nopass_chained_filepath}`
+  `cat #{cert_nopass_filepath} #{chain_files_in_order} > #{cert_nopass_chained_filepath}`
 end
 
 def check_chain
@@ -286,7 +297,7 @@ def check_chain
 
   instruct "Checking chain. The issuer of the first should be the subject of the second. And so on. Is that how the following output looks"
 
-  puts `perl -n0777e 'map { print "---\n"; open(CMD, "| openssl x509 -noout -subject -issuer"); print CMD; close(CMD) } /^-----BEGIN.*?^-----END.*?\n/gsm' #{key_cert_combo_nopass_chained_filepath}`
+  puts `perl -n0777e 'map { print "---\n"; open(CMD, "| openssl x509 -noout -subject -issuer"); print CMD; close(CMD) } /^-----BEGIN.*?^-----END.*?\n/gsm' #{cert_nopass_chained_filepath}`
 end
 
 def upload_to_heroku
@@ -294,13 +305,19 @@ def upload_to_heroku
   puts "What is your heroku app name?"
   app_name = STDIN.gets.chomp
 
-  cmd = "heroku ssl:add #{key_cert_combo_nopass_chained_filepath} #{private_key_nopass_filepath} --app #{app_name}"
+  cmd = "heroku ssl:add #{cert_nopass_chained_filepath} #{private_key_nopass_filepath} --app #{app_name}"
 
 puts "
+Please ensure that you have a Custom Domain for #{@common_name} setup on your Heroku app before continuing.
+
 If you want to upload the key certificate to heroku for your app, this will run the command
 
   #{cmd}
 
+If anything goes wrong at this stage you can simply run the following command to retry later
+
+  #{PROGRAM_NAME} upload_to_heroku #{@common_name}
+
 "
 
   continue_prompt
@@ -320,12 +337,9 @@ when 'create'
   create
 when 'unpack_namecheap'
   unpack_namecheap
-when 'combine_key'
-  combine_private_key_and_cert
 when 'remove_passphrases'
   remove_passphrases
 when 'heroku_wizard'
-  combine_private_key_and_cert
   remove_passphrases
   append_chain
   upload_to_heroku

metadata

@@ -2,7 +2,7 @@
 name: certmaker
 version: !ruby/object:Gem::Version 
   prerelease: 
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors: 
 - Declan McGrath
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-11-18 00:00:00 Z
+date: 2012-01-18 00:00:00 Z
 dependencies: []
 
 description: Easy way to make SSL Certs suitable for cloud platforms