#!/bin/sh -e . /usr/share/debconf/confmodule db_input medium strongswan/start_level || true # disable for now, until we can deal with the don't-edit-conffiles situation #db_input high strongswan/ikev1 || true #db_input high strongswan/ikev2 || true db_input medium strongswan/restart || true db_input high strongswan/enable-oe || true db_input high strongswan/create_rsa_key || true db_go || true db_get strongswan/create_rsa_key if [ "$RET" = "true" ]; then # create a new certificate db_input medium strongswan/rsa_key_length || true db_input high strongswan/x509_self_signed || true # we can't allow the country code to be empty - openssl will # refuse to create a certificate this way countrycode="" while [ -z "$countrycode" ]; do db_input medium strongswan/x509_country_code || true db_go || true db_get strongswan/x509_country_code countrycode="$RET" done db_input medium strongswan/x509_state_name || true db_input medium strongswan/x509_locality_name || true db_input medium strongswan/x509_organization_name || true db_input medium strongswan/x509_organizational_unit || true db_input medium strongswan/x509_common_name || true db_input medium strongswan/x509_email_address || true db_go || true else db_get strongswan/existing_x509_certificate if [ "$RET" = "true" ]; then # existing certificate - use it db_input critical strongswan/existing_x509_certificate_filename || true db_input critical strongswan/existing_x509_key_filename || true db_go || true fi fi